Hackin9

InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Sprint Nextel's proposed buyout of network partner Clearwire may be inevitable, and it could help Sprint keep its signature unlimited mobile data plans alive.
 

------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

 
Some of the distributed denial-of-service (DDoS) attacks that targeted the websites of U.S. financial institutions this week have peaked at 60 Gbps, according to researchers from DDoS mitigation provider Arbor Networks.
 
Social media has changed more than the way companies market and promote themselves. Social networking has also changed the way companies recruit, how they communicate internally and how they handle sensitive data.
 
Facebook has launched a new version of its app for Android smartphones that promises users speedier access to their messages, timeline and news.
 
Project Blitzkrieg, a coordinated attack against U.S. banking customers allegedly planned for the spring of 2013, is a real and credible threat, security researchers at McAfee have said.
 
Apple co-founder talks about growing smartphone market, reflects on Apple's past
 
A federal jury in Delaware has found Apple's iPhone infringes on three patents held by MobileMedia, a patent-holding company formed by Sony, Nokia and MPEG LA.
 
The U.S., U.K. and Canadian delegations to a worldwide telecom treaty-writing meeting will not ratify a resolution approved by the majority of countries because regulations will include provisions on Internet governance and content.
 
Verizon Wireless Thursday announced that it will start upgrading Samsung Galaxy S III smartphones on its network to Android 4.1 operating system tomorrow.
 
 
Sprint Nextel has offered US $2.1 billion, or $2.90 a share, for the nearly one-half interest in mobile broadband firm Clearwire that the company doesn't already own.
 
FCKEditor 'FileUpload()' Function Arbitrary File Upload Vulnerability
 
Malware attacks were the most prominent in the retail and financial services industries in 2012.

 
Google has been dragged into adopting rival Microsoft's Patch Tuesday, fallout from an Adobe move last month.
 
Survey reveals developers' negative opinion of Apple, but huge interest in building for iOS devices; Android also gets top marks
 
AT&T is putting the pedal to the metal on its LTE deployments, saying Thursday it has added seven more markets to its list, on top of the four market launches it had announced three days earlier.
 
Network Reconnaissance in IPv6 Networks (errata)
 
[security bulletin] HPSBUX02832 SSRT101042 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
 
RVAsec 2013 CFP Now Open
 
Reports of the drastic decline of e-readers amidst an explosion in multi-use tablets re-ignited a passionate debate in technology: Is a single-purpose device better and worth the cost, compared to a multi-function device?
 
Drupal Basic webmail Module Cross Site Scripting and Information Disclosure Vulnerabilities
 
Joomla! Predictable Password Generation And Information Disclosure Vulnerabilities
 
Centreon 'menu' Parameter SQL Injection Vulnerability
 
Network Reconnaissance in IPv6 Networks
 
'portable-phpMyAdmin (WordPress Plugin)' Authentication Bypass (CVE-2012-5469)
 




[guest diary submitted by Russell Eubanks]





If you knew your network was going to be attacked tomorrow, what specific actions would you take today? Treat yourself to lunch at your desk as you consider the following suggestions.





Look for opportunities to improve your detection capabilities. In your security lab, try changing operating system and application configurations to see if your current policies are able to detect and alert on these actions. If not, create new alerts that are labeled with the action you used to generate these events. This is a great foundation to actively seek the activity that you are currently missing.





Update the contact information for everyone on your Incident Response Team. Be certain that everyone you have listed knows they are a part of the team and understands their role when an incident occurs. When was the last time you held an exercise to make sure that everyone listed on the team can be reached in an acceptable amount of time? Schedule an update for the team today. Consider providing them with lunch or another appropriate token of your appreciation for serving on the team.





Leverage data from the Top 100 Source IP addresses as seen by the SANS Internet Storm Center at http://isc.sans.edu/ipsascii.html. Consider a daily report that shows the traffic between your hosts and those found on this list. Traffic to and from these hosts may not indicate an attack, but may very well prove worthy of your investigative efforts.
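One way to build that daily report, as an added example that is not part of the original diary. It assumes the list is tab-separated text with `#` comment lines and a zero-padded source address in the first column, and that flow records are available as (host, peer, direction, bytes) tuples; the sample data and function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the layout assumed for the list: '#' comment lines,
# then tab-separated rows with a zero-padded source IP in the first column.
# Addresses come from documentation ranges (RFC 5737), not real sources.
SAMPLE_LIST = (
    "# source IP\treports\ttargets\tfirst seen\tlast seen\n"
    "203.000.113.007\t90210\t4100\t2012-11-01\t2012-12-13\n"
    "198.051.100.023\t51234\t2900\t2012-10-20\t2012-12-13\n"
    "not-an-ip\t1\t1\t2012-12-13\t2012-12-13\n"
)

# Constructed flow records: (internal host, remote peer, direction, bytes).
SAMPLE_FLOWS = [
    ("10.0.0.5", "203.0.113.7", "out", 1200),
    ("10.0.0.5", "203.0.113.7", "in", 48000),
    ("10.0.0.9", "192.0.2.44", "out", 300),
    ("10.0.0.12", "198.51.100.23", "in", 60),
]


def parse_source_list(text):
    """Return the set of addresses in the list, skipping comments and junk."""
    sources = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        padded = line.split("\t")[0]
        try:
            # ipaddress rejects leading zeros, so strip the padding per octet.
            octets = [str(int(part, 10)) for part in padded.split(".")]
            sources.add(ipaddress.IPv4Address(".".join(octets)))
        except ValueError:
            continue  # malformed row: skip it rather than abort the report
    return sources


def daily_report(flows, sources):
    """Summarise traffic between internal hosts and listed sources."""
    report = defaultdict(lambda: {"in": 0, "out": 0, "flows": 0})
    for host, peer, direction, nbytes in flows:
        if ipaddress.ip_address(peer) in sources:
            entry = report[(host, peer)]
            entry[direction] += nbytes
            entry["flows"] += 1
    return dict(report)
```

Comparing parsed address objects rather than strings is what keeps a padded list entry such as `203.000.113.007` from silently missing the unpadded form found in flow logs.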





Create new alerts based on information found in your logs. These alerts can be scheduled to run every few minutes and configured to notify you if more than zero occur. Pay particular attention to trends that stand out over time. Can you determine the normal usage patterns over a given time period? How would you know if something outside of this baseline started to occur or stopped occurring? How quickly would you know if a critical system stopped sending logs to you?
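The two questions that close the paragraph above can be turned into scheduled checks; this sketch is an added example, not part of the original diary. Host names, silence thresholds and event counts are constructed, and the three-sigma rule is one assumed way to define "outside of this baseline".

```python
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed inventory: hosts expected to send logs and the longest
# silence tolerated for each (hypothetical names and thresholds).
EXPECTED = {
    "dc01": timedelta(minutes=10),
    "fw-edge": timedelta(minutes=5),
    "web01": timedelta(minutes=30),
}

# Constructed state: newest event time per host, as a log store might report.
NOW = datetime(2012, 12, 13, 12, 0)
LAST_SEEN = {
    "dc01": NOW - timedelta(minutes=3),
    "fw-edge": NOW - timedelta(minutes=42),
    # web01 has never reported, so it has no entry at all
}

# Constructed hourly counts of one event type over the past week,
# sampled at the same hour each day.
HISTORY = [40, 44, 38, 42, 41, 45, 39]


def silent_sources(last_seen, expected, now):
    """Return expected hosts whose newest event is missing or too old."""
    silent = []
    for host, max_gap in sorted(expected.items()):
        seen = last_seen.get(host)
        if seen is None or now - seen > max_gap:
            silent.append(host)
    return silent


def outside_baseline(history, current, sigmas=3.0):
    """True when the current count is more than `sigmas` deviations away.

    The absolute difference catches activity that started (a spike)
    as well as activity that stopped (a drop to zero).
    """
    mu = mean(history)
    spread = pstdev(history) or 1.0  # flat history: avoid a zero-width band
    return abs(current - mu) > sigmas * spread


def alerts(now=NOW):
    """Alert text per finding; notify whenever the list is non-empty."""
    return [f"no logs from {h}" for h in silent_sources(LAST_SEEN, EXPECTED, now)]
```

Driving the silence check from an inventory of expected hosts, rather than from the logs themselves, is what lets it flag a system that has never reported.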





Schedule and perform regular security architecture reviews. Start with a copy of your network diagram and assume the role of your attacker. Determine how its current defensive and monitoring capabilities could be defeated. Make sure you can detect this type of attack going forward. Implement changes based on that review session today to prevent that type of attack from succeeding. As a final step in this exercise, update your network diagram to reflect any changes you made.





Become familiar with the 20 Security Controls (http://www.sans.org/critical-security-controls) as a means to implement or enhance your continuous monitoring capabilities. Spend some time on the website to learn about the controls and how they can be applied in your network. Focus specifically on the Quick Wins section on each control to get a better sense of the intent behind each objective. If starting fresh, Controls 1 and 2 could very well be a good place to start.





Finally, use the following suggestions as a means to be intentional about network security monitoring. Conduct recurring IRT peer reviews to solicit their suggestions for improvements. Publish regular reports to the IRT, noting specific items that would be useful to the team. Invite the IRT to subscribe to the SANS Internet Storm Center Daily Podcast at https://itunes.apple.com/us/podcast/sans-internet-storm-center/id304863991. Make a recurring calendar appointment to do this activity with your IRT over and over again.





What additional suggestions do you have that support intentionally monitoring the security of your network?
 
 
File Upload Concern in Front Account 2.3.13 and OpenDocMan 1.2.6.2
 
OpenDocMan 1.2.6.2 - 3 Vulnerabilities
 
Addressbook v8.1.24.1 Group Name XSS
 
To handle the explosion of mobile devices in the enterprise, Dell this week unveiled plans for a server designed to automate a wide range of mobile management jobs for mid-range business customers.
 
In an exclusive interview, the voluble CEO of Cloudera, Mike Olson, holds forth on the company's new Impala project and the boundless potential of Hadoop.
 
 
OpenStack Nova CVE-2012-5625 Local Information Disclosure Vulnerability
 
[ MDVSA-2012:179 ] cups
 
Oracle is planning to buy DataRaker in a move that will give it a cloud-based platform for analyzing data from smart meters used by energy utilities. Terms of the deal, which was announced Thursday, weren't disclosed.
 
U.S. Immigration and Customs Enforcement will begin a pilot deployment of smartphones running Research In Motion's new BlackBerry 10 OS early next year.
 
Sprint Nextel has offered $2.1 billion, or $2.90 a share, for the nearly half interest in mobile broadband firm Clearwire that it doesn't already own.
 
With a few JavaScript commands, any web page can track the mouse cursor in Internet Explorer – even if the cursor is located outside of the browser window.
 

Post suggestions or comments in the section below or send us any questions or comments in the contact form on https://isc.sans.edu/contact.html#contact-form

--

Adam Swanger, Web Developer (GWEB, GWAPT)

Internet Storm Center https://isc.sans.edu
 
 
The so-called Butterfly botnet is supposed to have netted its operators more than $850 million. Cooperation between Facebook and the FBI led to the arrest of ten individuals in seven countries.


 
Growth in the storage market slowed down during the third quarter, but vendors such as Hitachi, EMC and Fujitsu still had a good three months thanks in part to sales of high-end systems.
 
Apple and four other e-book publishers have settled an antitrust battle with the European Union.
 
Sharp is gearing up for its entry into the 4k TV market with a 60-inch set that will sell for more than $30,000 and launch in Japan in February.
 
Belgian French-language news publishers settled a copyright dispute with Google, agreeing to promote each other's services while Google will pay all legal fees.
 
HTML5 has been dissed, dismissed and disrespected of late, but defenders say the evolving standard is still the best choice for platform-independent mobile app development.
 
Microsoft launched a new anti-piracy campaign in China to highlight the security risks of buying counterfeit software.
 
Police in Japan are looking for an individual who can code in C#, uses a "Syberian Post Office" to make anonymous posts online, and knows how to surf the web without leaving any digital tracks -- and they're willing to pay.
 
Google has made its Maps app available on the Apple App Store, after Apple stumbled with its own maps application.
 
Some advertising analytics companies are using a vulnerability in Microsoft's Internet Explorer browser for a questionable edge in figuring out if web users are seeing display advertisements buried within web pages.
 
Juniper Networks this week acquired Contrail Systems, a startup that makes controllers for software-defined networks, for $176 million in cash and stock.
 
It could be the final word on e-readers. Analysts are sounding a proverbial death knell for the devices, which have declined 36% in 2012 as buyers turned instead to multi-use tablets.
 
Unfathomable riches in one's favourite game and full versions that are free of charge - apps for Windows 8 offer little resistance to ambitious hackers, claims an engineer who should know.


 
Apache CXF Elements Validation Security Bypass Vulnerability
 


 
Internet Storm Center Infocon Status