Hackin9

InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Django Multiple Security Vulnerabilities
 
Bugzilla Multiple Information Disclosure Vulnerabilities
 
JBoss Enterprise Application Platform Cross Site Request Forgery Vulnerability
 
TCExam Prior 11.3.008 Multiple SQL Injection Vulnerabilities
 

Route1, InfoSec Institute and MSPAlliance to Host Webinar on Security, Remote ...
Virtual-Strategy Magazine
Route1 Inc. (TSXV: ROI), a digital security and identity management company, today announced that in conjunction with the InfoSec Institute and the International Association of Cloud and Managed Service Providers (MSPAlliance), that it will host a free ...

 
Sprint will sell the Motorola Photon Q smartphone for $199.99 and a two-year service plan starting on Sunday.
 
HP CEO Meg Whitman is telling the company's India workers that they won't be hit by HP's plans to cut its global workforce.
 
Responding to the trend of streamlining data-center management, Zenoss has added to its network monitoring software support for a popular open-source messaging bus.
 
[SECURITY] [DSA 2527-1] php5 security update
 
[ MDVSA-2012:131 ] libotr
 
Last reminder for Passwords^12 : Call for Presentations
 
A privilege escalation flaw, which prominent security researcher David Litchfield disclosed at Black Hat, can be exploited to gain system privileges.

 
[security bulletin] HPSBHF02804 SSRT100631 rev.1 - HP Integrity Server rx2800 i2, BL860c i2, BL870c i2, BL890c i2, Potential Denial of Service (DoS)
 
A survey of 1,200 federal, state, and local law enforcement professionals by LexisNexis Risk Solutions reveals that using social media as an investigative tool is taking hold. Here's how the numbers stack up.
 
Microsoft today said that Windows RT, the spin-off of Windows 8, has been completed and will power ARM processor-equipped.
 
Violin Memory plans to add deduplication, thin provisioning, snapshots and other features in a software update for its all-flash storage arrays, in a bid to match some key features that enterprises are used to getting in disk-based platforms.
 
[ MDVSA-2012:130 ] openldap
 
We're pretty sure the extinction of the dinosaurs had nothing to do with biblical Armageddon, yet Adult Swim's laughably bizarre interpretation of prehistory wins big points for goofy creativity. Velocirapture puts you in control of the floating hand of a mighty dinosaur deity. Doling out benevolence or wrath as you see fit puts a neat spin on the frantic end-times puzzle action.
 
Google's decision to cut 20% of the workers from its Motorola Mobility unit re-ignited fears that Google was primarily after the 17,000 patents Motorola held when it was acquired in May.
 

Route1, InfoSec Institute And MSPAlliance To Host Webinar On Security ...
Daily Markets
Route1 Inc. (TSXV: ROI), a digital security and identity management company, today announced that in conjunction with the InfoSec Institute and the International Association of Cloud and Managed Service Providers (MSPAlliance), that it will host a free ...

 
Name: Mark Partin
 
Although customers who subscribe to Office 365 will be able to install and run Office for Mac as part of the five-copies-per-plan deal, the Mac suite will sport few changes, Microsoft has said.
 
Google plans to buy the travel guide publisher Frommer's, as well as other travel publishing assets, from John Wiley & Sons, as the search company continues beefing up its original content.
 
Last week saw the launch of the first commercial Voice-over-LTE (VoLTE) services, but most operators are likely to take a cautious approach as they face technical and business challenges.
 
President Barack Obama pledged to keep science and technology funding strong following the success of NASA's Curiosity rover landing on Mars.
 
[ MDVSA-2012:129-1 ] busybox
 
[ MDVSA-2012:129 ] busybox
 
Craig contacted the Storm Center inquiring about an interesting scan he has seen on his server for the last several days. The scan is at the same time every day and only runs for a brief time, but it comes from random IPs and at a volume which almost cripples his web server for the duration of the scan.
Below are some sample logs:
209.19.138.103 - - [13/Aug/2012:06:12:53 -0500] GET /usmle-step-2-ck%26sa%3DU%26ei%3DweAoUKXcGO7ciQLpqoHACQ%26ved%3D0CCAQFjAE%26usg%3DAFQjCNGLZeLateC1dfcmOI4HHHZ33eaFbQ HTTP/1.1 404 27320

207.70.9.103 - - [13/Aug/2012:06:12:53 -0500] GET /usmle-step-1/step1%26sa%3DU%26ei%3DweAoUKXcGO7ciQLpqoHACQ%26ved%3D0CDIQFjAN%26usg%3DAFQjCNE7gGV1WVr1oas2WycwK6HXMTDc9Q HTTP/1.1 404 27323

209.19.152.71 - - [13/Aug/2012:06:12:55 -0500] GET /comlex-level-1%26sa%3DU%26ei%3DweAoUKXcGO7ciQLpqoHACQ%26ved%3D0CCQQFjAG%26usg%3DAFQjCNE9KmW1x2RLSZwTtSFJQlaciBdtZQ HTTP/1.1 404 27319

209.19.182.245 - - [13/Aug/2012:06:12:53 -0500] GET /pharmacology/%26sa%3DU%26ei%3DweAoUKXcGO7ciQLpqoHACQ%26ved%3D0CBoQFjAB%26usg%3DAFQjCNGWpETjIQO-QezV9OEnvmPeKrlWDA HTTP/1.1 404 27318

207.70.60.19 - - [13/Aug/2012:06:12:53 -0500] GET /usmle-step-2-ck/coupons/2g35%26sa%3DU%26ei%3DweAoUKXcGO7ciQLpqoHACQ%26ved%3D0CDAQFjAM%26usg%3DAFQjCNEgHYVBqXDBUNuyVgwAjaAlyRl12A HTTP/1.1 404 27333

They all appear to be a potentially valid URL followed by an encoded string and all the requests appear to be looking for content related to US medical certification exams.
I haven't been able to find any further information on this scan. If any of you has seen this, or can provide any insight we would appreciate a heads up, either through our comments section or our contact page. I will summarize any information that comes in.
Update: Craig's site is a USMLE testing prep company. The URLs are valid for his site, it is the encoded bit after the URL that is of interest.
-- Rick Wanner - rwanner at isc dot sans dot org - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected) (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Premier 100 IT Leader Raman Mehta also answers questions on returning from an extended maternity leave and finding some economic sectors with a future.
 
Ford dealers now have an iPad app they can use to quickly check available inventory and offer product information to help customers in their showrooms.
 
Speculation about the font that is installed with the Gauss trojan asks whether it is part of the malware or is just a digital marker


 
Red Hat plans to release an enterprise grade version of the OpenStack open source software for hosting IaaS (infrastructure as a service) deployments.
 
Cisco IOS CVE-2012-1344 Remote Denial of Service Vulnerability
 
While others are discussing measures against sexual harassment, Phrack hacker magazine acts with embarrassing indelicacy


 
Swiss researchers propose replacing the brute force methods that have been used when tracking down the origins of an internet threat with a new algorithm and the surveillance of specifically selected information nodes


 
rssh CVE-2012-3478 Security Bypass Vulnerability
 
The consumerization of IT is about much more than just BYOD.
 
A small but growing universe of enterprise IT shops are adopting -- or at least evaluating -- flash storage technology, and they're finding that it can be cost-effective in spite of its high price tag.
 
The United States has been shipping application development work offshore for years, but cloud computing may help make the U.S. a provider of data center services to enterprises in other countries.
 
Gen. Keith B. Alexander, National Security Agency director, addressed attendees of the recent Defcon hacker conference and asked for their help to secure cyberspace.
 
Oracle researchers are winding down development of the Fortress programming language for high-performance computing, an effort started nearly 10 years ago by Sun Microsystems.
 
Congress may need to pass a law to limit the way government agencies and private companies use facial recognition technology to identify people, a U.S. senator said recently.
 
Several major software companies, including Microsoft and Symantec, kicked off an initiative called International Technology Upgrade Week to persuade customers to keep their code current.
 
Apple's suppliers had a banner July, providing yet another clue that the company has geared up production to release a new iPhone and a smaller iPad in four weeks, an analyst said.
 
The security products and techniques you rely on most aren't keeping you as secure as you think
 
IT leaders must learn to tell whether a new technology will transform their businesses -- or just become the next boondoggle. Four CIOs offer their perspectives.
 
Motorola Mobility is cutting 4,000 employees as the company shifts its emphasis from feature phones to focus on high-end devices, the company said late Sunday.
 
 
 
Debian 'libotr2' Package Multiple Heap Based Buffer Overflow Vulnerabilities
 

Posted by InfoSec News on Aug 13

http://www.nextgov.com/health/2012/08/hackers-hold-health-data-hostage/57353/

By John Pulley
Nextgov
August 10, 2012

While identity theft is the primary concern when the security of medical
records is compromised, a disturbing new trend is emerging: hackers
holding the data for ransom.

A recent case involved the Surgeons of Lake County, a medical practice
in Libertyville, Ill., where hackers were able to access electronic
medical records...
 

Posted by InfoSec News on Aug 13

http://www.dailymail.co.uk/news/article-2187543/Dell-tycoons-teen-daughter-Twitter-account-shut-father-spends-2-7million-security--tweets-familys-EVERY-MOVE.html

By Snejana Farberov
Mail Online
12 August 2012

The billionaire CEO of the computer giant Dell Inc has learned the hard
way that money cannot buy a sense of security, especially when efforts
to keep the family safe are being thwarted from within - by his own
daughter.

Like most...
 

Posted by InfoSec News on Aug 13

http://www.dailytrust.com.ng/index.php/news/174175-gov-aliyus-e-mail-account-hacked

By Aliyu M. Hamagam
Daily Trust
13 August 2012

Niger State governor, Dr. Mu’azu Babangida Aliyu, has raised an alarm
over his e-mail account which he said has been hacked.

A statement by his spokesman Danladi Ndayeba yesterday said Aliyu’s
e-mail account has apparently been hacked by unknown persons who used to
send messages to many of his contacts...
 