(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

(Image credit: Fernando Frazão/Agência Brasil)

The World Anti-Doping Agency confirmed Tuesday that hackers accessed a database of confidential medical data and released the drug regimens of gymnast Simone Biles and three other top US Olympians. The agency went on to say the Russian government was behind the move.

The organization, which screens Olympic athletes for performance-enhancing substances, said the attack was carried out by "Fancy Bear," one of the same Russian government-sponsored hacking groups that security experts say broke into Democratic National Committee servers and made off with confidential documents. Fancy Bear members used a technique known as spear phishing to gain access to the Anti-Doping Administration and Management System (ADAMS) database through an account that was created by the International Olympic Committee, the agency said in a statement.

"WADA has been informed by law enforcement authorities that these attacks are originating out of Russia," agency Director General Olivier Niggli said in the statement that also named Fancy Bear as the group. "Let it be known that these criminal acts are greatly compromising the effort by the global anti-doping community to re-establish trust in Russia further to the outcomes of the Agency’s independent McLaren Investigation Report." The McLaren investigation refers to an inquiry into allegations of Russian government-sponsored doping at the 2014 Sochi Olympics. The investigation has been a major source of controversy between Russia and Olympics organizers.


VMware Tools Multiple Local Privilege Escalation Vulnerabilities
[security bulletin] HPSBST03640 rev.1 - HP XP7 Command View Advance Edition Suite (CVAE) using Replication Manager (RepMgr) and Device Manager (DevMgr), Local Access Restriction Bypass
[security bulletin] HPSBGN03572 rev.1 - HPE Performance Center, Remote User Validation Failure
ESA-2016-108: EMC Documentum D2 Authentication Bypass Vulnerability
Multiple VMware Workstation Products CVE-2016-7085 DLL Loading Remote Code Execution Vulnerability

Reusing four-year-old passwords from MySpace for GitHub? (credit: ABC Photo Archives / Getty Images)

Plaintext passwords, usernames, e-mail addresses, and a wealth of other personal information have been published for more than 2.2 million people who created accounts with ClixSense, a site that claims to pay users for viewing ads and completing online surveys. The people who dumped the data say they are selling records for another 4.4 million accounts.

Troy Hunt, operator of the breach notification service Have I Been Pwned?, said he reviewed the file and concluded it almost certainly contains data taken from ClixSense. Besides unhashed passwords and e-mail addresses, the dump includes users' dates of birth, sex, first and last names, home addresses, IP addresses, account balances, and payment histories.

A post advertising the leaked data said it was only a sample of personal information taken from a compromised database of more than 6.6 million ClixSense user accounts. The post said that the larger, unpublished data set also includes e-mails and was being sold for an undisclosed price. While the message posted over the weekend to PasteBin.com has since been removed, the two sample database files remained active at the time this post was being prepared. The Pastebin post, which was published on Saturday and taken down a day or two later, read in part:



The Microsoft Patch Tuesday updates are out; our analysis is here:

If you consume these using an API, the link for that is here: https://isc.sans.edu/api/getmspatchday/2016-09-13
(or if you prefer json https://isc.sans.edu/api/getmspatchday/2016-09-13?json )

Rob VandenBrink


=============== Rob VandenBrink Metafore

ESA-2016-104: EMC ViPR SRM Multiple Vulnerabilities
[ANNOUNCE][CVE-2016-6802] Apache Shiro 1.3.2 released
Adobe AIR SDK & Compiler CVE-2016-6936 Remote Security Vulnerability
Adobe Digital Editions CVE-2016-4263 Unspecified Use After Free Remote Code Execution Vulnerability

On top of today being Patch Tuesday, Apple has released iOS 10 sometime today as well. They also released 10.0.1, with not a lot of detail behind that release (maybe something was missed?)

Security details for 10.0 : https://support.apple.com/en-ca/HT207143
Security details for 10.0.1: https://support.apple.com/en-ca/HT207145 (an almost empty page)

Highlights are:

MiTM attacks on Apple Updates
Autocorrect pulling sensitive data from cache (again)
Issues with Certificate Trust in Mail app allows MiTM
AirPrint temp file sanitization
SMS directory exposed to malicious apps

None of these Apple or Microsoft updates are what you'd call small - let's hope we don't break the internet today (just kidding, I think).

Happy Patching everyone!


Rob VandenBrink

TYPO3 Frontend User Registration Remote Code Execution Vulnerability
Schneider Electric ION Power Meter Unspecified Cross Site Request Forgery Vulnerability
HP Performance Center CVE-2016-4382 Remote Security Bypass Vulnerability
Multiple DoS vulnerabilities in libosip2-4.1.0
FENIKS PRO ElNet LT Energy & Power analyzer Multiple Authentication Bypass Vulnerabilities
Open-Xchange Security Advisory 2016-09-13 (2)
Open-Xchange Security Advisory 2016-09-13