Information Security News
NSA releases Linux-based open source infosec tool
SIMP helps to keep networked systems compliant with security standards, the NSA said, and should form part of a layered, "defence-in-depth" approach to information security. NSA said it released the tool to avoid duplication after US government ...
A security researcher has abruptly cancelled next month's scheduled unveiling of a privacy device designed to mask Internet users' physical locations. It's a move that has both disappointed privacy advocates and aroused suspicions.
Ben Caudill, a researcher with Rhino Security Labs, took the unusual step of saying he no longer plans to release the software or hardware schematics for his so-called ProxyHam box. He said the devices already created have been destroyed. Caudill has offered no explanation for the killing of the project, but he has reportedly ruled out both intellectual property disputes and Federal Communications Commission licensing concerns.
That has left some people to speculate a secret government subpoena known as a National Security Letter is at play in the decision to kill the project. That speculation seems unlikely because NSLs are a very specific legal process typically served on e-mail providers, phone companies, or the like for specific information, Electronic Frontier Foundation General Counsel and Deputy Executive Director Kurt Opsahl said.
by Cyrus Farivar
On Monday, Hacking Team released a statement saying that while some of its surveillance-related source code was released to the public, the firm still retains an edge. "Important elements of our source code were not compromised in this attack and remain undisclosed and protected," the release said. "We have already isolated our internal systems so that additional data cannot be exfiltrated outside Hacking Team. A totally new internal infrastructure is being build [sic] at this moment to keep our data safe."
The release, attributed to CEO David Vincenzetti, noted this wholly new version of the company's Remote Control System is due in the fall. Vincenzetti also defiantly dismissed the recent breach at this point in time, writing that the leaks are now "obsolete because of universal ability to detect these system elements."
Details beyond that remained scarce. The letter notes this will be version 10 of Hacking Team's Remote Control System, calling it "a total replacement for the existing ‘Galileo’ system, not simply an update." Hacking Team spokesperson Eric Rabe told Ars that Vincenzetti was not available for an interview or any follow-up questions.
Internet users should take renewed caution when using both Adobe Flash and Oracle's Java software framework; over the weekend, three previously unknown critical vulnerabilities that could be used to surreptitiously install malware on end-user computers were revealed in Flash and Java.
The Java vulnerability is significant because attackers are actively exploiting it in an attempt to infect members of NATO, researchers from security firm Trend Micro warned in a blog post published Sunday. They said the attack involves a separate Windows vulnerability indexed as CVE-2012-015, which Microsoft addressed in 2012 in bulletin MS12-027. Oracle developers are working on a fix, the blog post said.
The two Flash vulnerabilities were unearthed late last week in the 400-gigabyte dump taken from Hacking Team, the Italian spyware developer that was breached eight days ago. The two zero-day flaws, designated CVE-2015-5122 and CVE-2015-5123, are in addition to a separate previously unknown Flash vulnerability found by Hacking Team that Adobe patched on Wednesday. The currently unpatched vulnerabilities reside in the Windows, Mac OS X, and Linux versions of the most recent versions of Flash and allow attackers to remotely execute malicious code.
Info sec to probe FF Ayub's suicide
Prothom Alo (English)
Info sec to probe FF Ayub's suicide. Staff Correspondent | Update: 20:37, Jul 13, 2015. 0 Like. The ministry of public administration has decided to launch an investigation led by the information secretary Mortuza Ahmed to unearth reasons behind the ...
Posted by InfoSec News on Jul 13http://www.csoonline.com/article/2947377/network-security/privacy-talk-at-def-con-canceled-under-questionable-circumstances.html
Posted by InfoSec News on Jul 13http://arstechnica.com/security/2015/07/hacking-team-orchestrated-brazen-bgp-hack-to-hijack-ips-it-didnt-own/
Posted by InfoSec News on Jul 13http://www.ft.com/cms/s/2/69f150da-25b8-11e5-bd83-71cb60e8f08c.html
Posted by InfoSec News on Jul 13http://www.computerworld.com/article/2947273/malware-vulnerabilities/adobe-to-patch-second-hacking-team-flash-zero-day-bug.html
Posted by InfoSec News on Jul 13http://www.timesofisrael.com/computer-hack-reveals-identity-of-syrians-in-contact-with-israel/