Hackin9
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Tor is apparently no longer a safe place to run a marketplace for illegal goods and services. With the alleged operator of the original Silk Road marketplace, Ross Ulbricht, now going to trial, the arrest of his alleged successor and a number of others in a joint US-European law enforcement operation, and the seizure of dozens of servers that hosted "hidden services" on the anonymizing network, the operators of the latest iteration of Silk Road have packed their tents and moved to a new territory: the previously low-profile I2P anonymizing network.

On the surface, I2P (which originally was an acronym for "Invisible Internet Project") is similar in many ways to the Tor Project's anonymizing service. Like Tor, I2P encapsulates and anonymizes communications over the Internet, passing Web requests and other communications through a series of proxies to conceal the location and identity of the user. Like Tor, I2P also allows for the configuration of websites within the network that are concealed from the Internet at large. Called "eepsites," these equivalents to Tor's hidden services can only be reached by using the anonymizing network or a portal site that connects to the I2P proxy network.

But there are some significant differences between Tor and I2P beneath the surface, from the technologies they are based on to how the networks are implemented. In many ways, I2P is a much less mature technology than Tor—but it has the potential to anonymize a greater range of applications and services as it gains adoption, and its architecture is theoretically less vulnerable to the sorts of de-anonymizing attacks that some researchers have claimed to have been able to use against Tor.


 

RT

Obama proposes cyber law update in wake of Sony hack
RT
The White House has unveiled a proposal aimed at strengthening cybersecurity within the US by encouraging sharing between sectors and installing new penalties after a series of high-profile attacks targeted government and private sector networks.
 

It sounds like the stuff of a James Bond flick or something described in documents leaked by former NSA subcontractor Edward Snowden. In fact, the highly stealthy keystroke logger can be built by someone with only slightly above-average technical skills for as little as $10. Called KeySweeper, it's a device disguised as a functioning USB wall charger that sniffs, decrypts, logs, and transmits all input typed into a Microsoft wireless keyboard.

KeySweeper is the brainchild of Samy Kamkar, a hacker who has a track record of devising clever exploits that are off the beaten path. The namesake of the Samy worm that inadvertently knocked MySpace out of commission in 2005, Kamkar has concocted drones that seek out and hack other drones and devised exploits that use Google Streetview and Google Wi-Fi location data to stalk targets. His hacks underscore the darker side of the connected world that makes it possible for bad guys to monitor our most private communications and everyday comings and goings.

KeySweeper follows the same path. Unveiled on Monday, it provides the software and hardware specifications for building a highly stealthy sniffing device that plucks out every keystroke inputted to a Microsoft wireless keyboard. The device can either log the input on a chip for physical retrieval later, or it can use an optional GSM chip to transmit the keystrokes wirelessly to the attacker. For maximum efficiency, it can be programmed to send the operator SMS messages whenever certain keywords—think "bankofamerica.com," "confidential," or "password"—are entered. The entire sniffing device can be stashed inside an AC USB charger that powers the device. It recharges when plugged in and runs off of battery when not connected to a power source. To people being spied on, it looks like just another USB charger plugged into a wall socket.


 
[security bulletin] HPSBGN03233 rev.1 - HP OneView running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, and Disclosure of Information
 

Adobe released one bulletin today, affecting Flash Player. The update should be applied to Windows, OS X as well as Linux versions of Adobe's Flash Player. It is rated with a priority of 1 for most Windows versions of Flash Player.

Adobe Air, as well as browsers like Chrome and Internet Explorer, are affected as well.

http://helpx.adobe.com/security/products/flash-player/apsb15-01.html

---
Johannes B. Ullrich, Ph.D.
 
Linux Kernel CVE-2014-7843 Local Denial of Service Vulnerability
 
[security bulletin] HPSBMU03230 rev.1 - HP Insight Control server deployment Remote Disclosure of Information
 
Foxit MobilePDF v4.4.0 iOS - Multiple Web Vulnerabilities
 
Sitefinity Enterprise v7.2.53 - Persistent Vulnerability
 
[SECURITY] [DSA 3123-2] binutils-mingw-w64 security update
 
Asuswrt 'infosvr' Service Remote Command Execution Vulnerability
 
Linux Kernel KVM CVE-2014-7842 Local Denial of Service Vulnerability
 

Overview of the January 2015 Microsoft patches and their status.

| # | Affected | Contra Indications - KB | Known Exploits | Microsoft rating(**) | ISC rating(*): clients | ISC rating(*): servers |
|---|---|---|---|---|---|---|
| MS15-001 Vulnerability in Windows Application Compatibility Cache Could Allow Elevation of Privilege (Replaces MS13-031 MS13-046 MS13-048 MS13-063) | Microsoft Windows, CVE-2015-0002 | KB 3023266 | vuln. public. | Severity: Important, Exploitability: 2 | Important | Important |
| MS15-002 Vulnerability in Windows Telnet Service Could Allow Remote Code Execution | Microsoft Windows | KB 3020393 | . | Severity: Critical, Exploitability: 2 | Important | Critical |
| MS15-003 Vulnerability in Windows User Profile Service Could Allow Elevation of Privilege | Microsoft Windows, CVE-2015-0004 | KB 3021674 | vuln. public. | Severity: Important, Exploitability: 2 | Important | Important |
| MS15-004 Vulnerability in Windows Components Could Allow Elevation of Privilege | Microsoft Windows, CVE-2015-0016 | KB 3025421 | . | Severity: Important, Exploitability: 0 | Important | Important |
| MS15-005 Vulnerability in Network Location Awareness Service Could Allow Security Feature Bypass | Microsoft Windows, CVE-2015-0006 | KB 3022777 | . | Severity: Important, Exploitability: 3 | Important | Important |
| MS15-006 Vulnerability in Windows Error Reporting Could Allow Security Feature Bypass (Replaces MS14-071) | Microsoft Windows, CVE-2015-0001 | KB 3004365 | . | Severity: Important, Exploitability: 2 | Important | Important |
| MS15-007 Vulnerability in Network Policy Server RADIUS Implementation Could Cause Denial of Service | Microsoft Windows, CVE-2015-0015 | KB 3014029 | . | Severity: Important, Exploitability: 3 | Important | Important |
| MS15-008 Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (Replaces MS08-007) | Microsoft Windows, CVE-2015-0011 | KB 3019215 | . | Severity: Important, Exploitability: 2 | Important | Important |
We will update issues on this page for about a week or so as they evolve.
We appreciate updates
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
(*): ISC rating
  • We use 4 levels:
    • PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
    • Critical: Anything that needs little to become interesting">Less Urt practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
    • The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threatatches.

---
Johannes B. Ullrich, Ph.D.
 
LinuxSecurity.com: Several security issues were fixed in the kernel.
 
 
LinuxSecurity.com: Applications using PyYAML could be made to crash if they received specially crafted input.
 
LinuxSecurity.com: Applications using libyaml-libyaml-perl could be made to crash if they received specially crafted input.
 
LinuxSecurity.com: Applications using LibYAML could be made to crash if they received specially crafted input.
 
LinuxSecurity.com: Updated condor packages that fix one security issue are now available for Red Hat Enterprise MRG 2.5 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security ...
 
LinuxSecurity.com: Updated condor packages that fix one security issue are now available for Red Hat Enterprise MRG 2.5 for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security ...
 
SEC Consult SA-20150113-1 :: Privilege Escalation & XSS & Missing Authentication in Ansible Tower
 
CVE-2015-0203: Apache Qpid's qpidd can be crashed by authenticated user
 

Just as Google is coming under fire for publicizing a Windows bug two days before Microsoft released a fix, the company is now in the crosshairs because of its approach towards updating its own software.

Not for the first time, a bug has been found in the WebView component of Android 4.3 and below. This is the embeddable browser control powered by a version of the WebKit rendering engine used in Android apps.

Android 4.4 and 5.0, which use Blink rather than WebKit for their WebView, are unaffected. But by Google's own numbers, some 60 percent of Android users are using 4.3 or below. As such, this is a widespread, high-impact bug. The normal procedure would be to report the bug to Google, and for Google to develop a fix and publish it as part of an Android Open Source Project release.


 
 

Posted by InfoSec News on Jan 13

http://money.cnn.com/2015/01/12/technology/security/obama-privacy-law/index.html

By Jose Pagliery
CNNMoney
January 12, 2015

In a State of the Union preview, President Obama on Monday demanded
quicker confessions from companies that lose your data as well as better
privacy for students.

One proposed law would give a company 30 days to let you know if your
personal information -- such as your address or Social Security number --
has been...
 

Posted by InfoSec News on Jan 13

http://www.japantimes.co.jp/news/2015/01/13/asia-pacific/s-korea-nuclear-hack-ups-aging-reactor-risks/

Reuters
Jan 13, 2015

SEOUL – The hacking of South Korea’s nuclear operator means the country’s
second-oldest reactor may be shut permanently due to safety concerns, said
several nuclear watchdog commissioners, raising the risk that other aging
reactors may also be closed.

“The operator failed to prevent it (the hack) and they...
 

Posted by InfoSec News on Jan 13

http://www.washingtonpost.com/news/checkpoint/wp/2015/01/12/centcom-twitter-account-apparently-hacked-by-islamic-state-sympathizers/

By Dan Lamothe
The Washington Post
January 12, 2015

Hackers claiming allegiance to the Islamic State took control of the
social media accounts of the U.S. military’s Central Command on Monday,
posting threatening messages and propaganda videos, along with some
military documents.

The command’s Twitter and...
 
Oracle MySQL Server Privilege Escalation Vulnerability
 
WordPress WP Symposium Plugin Multiple Arbitrary File Upload Vulnerabilities
 
SEC Consult SA-20150113-0 :: Multiple critical vulnerabilities in all snom desktop IP phones
 

Posted by InfoSec News on Jan 13

http://arstechnica.com/security/2015/01/surprise-north-koreas-official-news-site-delivers-malware-too/

By Sean Gallagher
Ars Technica
Jan 12, 2015

A security researcher examining the website of North Korea's official news
service, the Korean Central News Agency, has discovered that the site
delivers more than just the latest photo spread of Democratic Peoples'
Republic of Korea leader Kim Jong Un inspecting mushroom farms....
 

Posted by InfoSec News on Jan 13

http://www.networkworld.com/article/2866950/cloud-computing/which-cloud-providers-had-the-best-uptime-last-year.html

By Brandon Butler
Network World
Jan 12, 2015

Amazon Web Services and Google Cloud Platform recorded impressive
statistics for how reliable their public IaaS clouds were in 2014, with
both providers approaching what some consider the Holy Grail of
availability: five nines.

Flash back just to 2012 and pundits bemoaned the cloud...
 

VISTA InfoSec Ranked Number 372 Fastest Growing Technology Company in ...
India PRwire (press release)
VISTA InfoSec today announced that it ranked Number 372 on the Deloitte Technology Fast 500™ Asia Pacific 2014, a ranking of the 500 fastest growing technology companies in Asia Pacific. Rankings are based on percentage revenue growth over three ...

 
Cisco Secure Access Control Server CVE-2014-8029 Open Redirection Vulnerability
 
MS14-080 CVE-2014-6365 Technical Details Without "Nonsense"
 
[Corrected] Stored XSS Vulnerability in F5 BIG-IP Application Security Manager
 
[security bulletin] HPSBOV03228 rev.1 - HP OpenVMS running Bash Shell, Remote Code Execution
 
Stored XSS Vulnerability in F5 BIG-IP Application Security Manager
 
Internet Storm Center Infocon Status