(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

NSA releases Linux-based open source infosec tool
iT News
SIMP helps to keep networked systems compliant with security standards, the NSA said, and should form part of a layered, "defence-in-depth" approach to information security. NSA said it released the tool to avoid duplication after US government ...


A security researcher has abruptly cancelled next month's scheduled unveiling of a privacy device designed to mask Internet users' physical locations. It's a move that has both disappointed privacy advocates and aroused suspicions.

Ben Caudill, a researcher with Rhino Security Labs, took the unusual step of saying he no longer plans to release the software or hardware schematics for his so-called ProxyHam box. He said the devices already created have been destroyed. Caudill has offered no explanation for the killing of the project, but he has reportedly ruled out both intellectual property disputes and Federal Communications Commission licensing concerns.

That has left some people to speculate a secret government subpoena known as a National Security Letter is at play in the decision to kill the project. That speculation seems unlikely because NSLs are a very specific legal process typically served on e-mail providers, phone companies, or the like for specific information, Electronic Frontier Foundation General Counsel and Deputy Executive Director Kurt Opsahl said.

Read 5 remaining paragraphs | Comments


On Monday, Hacking Team released a statement saying that while some of its surveillance-related source code was released to the public, the firm still retains an edge. "Important elements of our source code were not compromised in this attack and remain undisclosed and protected," the release said. "We have already isolated our internal systems so that additional data cannot be exfiltrated outside Hacking Team. A totally new internal infrastructure is being build [sic] at this moment to keep our data safe."

The release, attributed to CEO David Vincenzetti, noted this wholly new version of the company's Remote Control System is due in the fall. Vincenzetti also defiantly dismissed the recent breach at this point in time, writing that the leaks are now "obsolete because of universal ability to detect these system elements."

Details beyond that remained scarce. The letter notes this will be version 10 of Hacking Team's Remote Control System, calling it "a total replacement for the existing ‘Galileo’ system, not simply an update." Hacking Team spokesperson Eric Rabe told Ars that Vincenzetti was not available for an interview or any follow-up questions.

Read 2 remaining paragraphs | Comments

CVE-2015-4670 - AjaxControlToolkit File Upload Directory Traversal

Internet users should take renewed caution when using both Adobe Flash and Oracle's Java software framework; over the weekend, three previously unknown critical vulnerabilities that could be used to surreptitiously install malware on end-user computers were revealed in Flash and Java.

The Java vulnerability is significant because attackers are actively exploiting it in an attempt to infect members of NATO, researchers from security firm Trend Micro warned in a blog post published Sunday. They said the attack involves a separate Windows vulnerability indexed as CVE-2012-015, which Microsoft addressed in 2012 in bulletin MS12-027. Oracle developers are working on a fix, the blog post said.

The two Flash vulnerabilities were unearthed late last week in the 400-gigabyte dump taken from Hacking Team, the Italian spyware developer that was breached eight days ago. The two zero-day flaws, designated CVE-2015-5122 and CVE-2015-5123, are in addition to a separate previously unknown Flash vulnerability found by Hacking Team that Adobe patched on Wednesday. The currently unpatched vulnerabilities reside in the Windows, Mac OS X, and Linux versions of the most recent versions of Flash and allow attackers to remotely execute malicious code.

Read 1 remaining paragraphs | Comments

LinuxSecurity.com: This is an update to most recent version 10.0.20, that also fixes CVE-2015-3152.
LinuxSecurity.com: Update to 2.13
LinuxSecurity.com: This update brings security fix for two announced vulnerabilities. Namely XSECURITY restrictions bypass under certain conditions AND weakness of agent locking (ssh-add -x) to password guessing (more info in related bugs). For more information see related bugs.
LinuxSecurity.com: * New upstream version ( - cups-x2go{,.conf}: port to File::Temp. Use Text::ParseWords to split up the ps2pdf command line correctly. Don't use system() but IPC::Open2::open2(). Capture the ps2pdf program's stdout and write it to the temporary file handle "manually". Should fix problems reported by Jan Bi on IRC. - cups-x2go: fix commented out second ps2pdf definition to output PDF data to stdout. * New upstream version ( - cups-x2go: import tempfile() function from File::Temp module. - cups-x2go: only repeat the last X, not the whole ".pdfX" string (or the like.) - cups-x2go: actually print "real" executed command instead of the "original" one with placeholders. - cups-x2go: read output from ghostscript, don't write a filehandle to the temporary file. Fixes a hanging ghostscript call and... well... random junk, instead of a "real" PDF file. - cups-x2go: use parentheses around function arguments. - cups-x2go: fix binmode() call, :raw layer is implicit. - cups-x2go: fix print call... Does not allow to separate parameters with a comma. - cups-x2go: add correct :raw layer to binmode calls. - cups-x2go: fix tiny typo. - cups-x2go: read data from GS and STDIN in chunks of 8 kbytes, instead of everything at once. Handles large print jobs gracefully. - cups-x2go: add parentheses to close() calls. - cups-x2go: delete PDF and title temporary files automatically. - cups-x2go: unlink PS temporary file on-demand in END block. Also move closelog to END block, because we want to print diagnosis messages in the END block. - cups-x2go: don't use unlink() explicitly. Trust File::Temp and our END block to clean up correctly. - cups-x2go: there is no continue in perl for stepping forward a loop. Still not. I keep forgetting that. Use next. (Partly) Fixes: #887. - cups-x2go: use the same temp file template for PS, PDF and title files. Use appropriate suffixes if necessary when generating PDF and title temp files. (Fully) Fixes: #887.Update to Add a short README that provides some getting started information.Update to Add a short README that provides some getting started information.
LinuxSecurity.com: A buffer overflow in libcapsinetwork might allow remote attackers to cause a Denial of Service condition.
LinuxSecurity.com: Multiple vulnerabilities have been found in MySQL, allowing attackers to execute arbitrary code or cause Denial of Service.
LinuxSecurity.com: Multiple vulnerabilities have been found in Chromium allowing remote attackers to bypass security restrictions.
LinuxSecurity.com: A vulnerability in SNMP could lead to Denial of Service condition.
LinuxSecurity.com: New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues. [More Info...]
LinuxSecurity.com: This update brings security fix for two announced vulnerabilities. Namely XSECURITY restrictions bypass under certain conditions AND weakness of agent locking (ssh-add -x) to password guessing (more info in related bugs). It also provides new version of openssh-6.9 which is bringing many bugfixes and few new features with maintaining compatibility with previous version.
LinuxSecurity.com: Update to 2.13
LinuxSecurity.com: CVE-2015-0848 heap overflow when decoding BMP imagesCVE-2015-4588 RLE decoding doesn't check that the "count" fits into the imageCVE-2015-4695 meta_pen_create heap buffer overflowCVE-2015-4696 wmf2gd/wmf2eps use after free

Info sec to probe FF Ayub's suicide
Prothom Alo (English)
Info sec to probe FF Ayub's suicide. Staff Correspondent | Update: 20:37, Jul 13, 2015. 0 Like. The ministry of public administration has decided to launch an investigation led by the information secretary Mortuza Ahmed to unearth reasons behind the ...

and more »
[SYSS-2015-031] sysPass - SQL Injection
phpSQLiteCMS CSRF, Unrestricted File Type Upload, Privilege Escalation & XSS CSRF, Unrestricted File Type Upload, Privilege Escalation & XSS
[slackware-security] mozilla-thunderbird (SSA:2015-192-01)

Posted by InfoSec News on Jul 13


By Steve Ragan
Salted Hash
July 12, 2015

Earlier this month, several news outlets reported on a powerful tool in
the fight between those seeking anonymity online, versus those who push
for surveillance and taking it away.

The tool, ProxyHam, is the subject of a recently canceled talk at DEF CON
23 and its...

Posted by InfoSec News on Jul 13


By Dan Goodin
Ars Technica
July 12, 2015

Spyware service provider Hacking Team orchestrated the hijacking of IP
addresses it didn't own to help Italian police regain control over several
computers that were being monitored in an investigation, e-sent among
company employees showed.

Over a six day period in August 2013, Italian...

Posted by InfoSec News on Jul 13


By John Reed
July 10, 2015

In a searingly hot afternoon at a campuslike new science park in Beer
Sheva, southern Israel, I watched as a group of bright, geeky teenagers
presented their graduation projects. Parents and uniformed army personnel
milled around a windowless room packed with tables holding laptops, phones
or other gadgets. There was excited chatter and a...

Posted by InfoSec News on Jul 13


By Gregg Keizer
July 11, 2015

Adobe next week will patch a second zero-day vulnerability found in the
leaked documents from the Hacking Team, a controversial Italian company
that sells surveillance software and exploits to governments, Adobe said
late Friday.

Computerworld's Best Places to Work...

Posted by InfoSec News on Jul 13


By Elhanan Miller
The Times of Israel
July 12, 2015

Computer hackers likely working for the Syrian regime and Hezbollah have
managed to penetrate the computers of Israeli and American activists
working with the Syrian opposition, exposing sensitive contacts between
the sides.

Al-Akhbar, a newspaper serving as Hezbollah’s mouthpiece in Lebanon,...
Internet Storm Center Infocon Status