(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The Register

Oxford Uni opens infosec ivory tower in Melbourne
The State of Victoria is cementing its place as Australia's security hub with the launch of an Oxford University national infosec risk centre in Melbourne. The Global Cyber Security Capacity Centre will perform "audits of national cyber security risks ...

Our own Mark Baggett (@markbaggett) recently retweeted Sean Metcalf's (@PyroTek3) tweet about his Active Directory Security post, an Unofficial Guide to Mimikatz Command Reference.
This is a freaking gold mine, well done Sean!
Using Mimikatz as part of red/blue exercises and scenarios is near and dear to my heart; it's the attacker basis, along with PowerShell and Metasploit, of my May 2015 toolsmith, Attack Detection: Hunting in-memory adversaries with Rekall and WinPmem. Sean describes Mimikatz and its use with such robust detail that even the uninitiated should be able to grasp the raw power of the tool (both dangerous and useful).
First and foremost, I'll quote one of Sean's most important points:
This information is provided to help organizations better understand Mimikatz capability and is not to be used for unlawful activity. Do NOT use Mimikatz on computers you don't own or have been allowed/approved to. In other words, don't pen-test/red-team systems with Mimikatz without a get out of jail free card.
Further, Sean developed this reference after speaking with both hired defenders and attackers, and learned that outside of a couple of the top three most-used Mimikatz commands, not many knew about the full capability of Mimikatz.
This page details as best as possible what each command is, how it works, the rights required to run it, the parameters (required and optional), as well as screenshots and additional context (where possible). Sean indicates there are several that he hasn't dug into fully yet, but expects to in the near future. Put the Unofficial Guide to Mimikatz Command Reference on your immediate must-read and bookmark list and find safe ways to explore its capabilities.
Again, if you're one of those folks who spend time in both red and blue team activities, it ...
@holisticinfosec


The MYK-78 "Clipper" chip, the 1990s version of the "golden key."

In the face of a Federal Bureau of Investigation proposal requesting backdoors into encrypted communications, a noted encryption expert urged Congress not to adopt the requirements due to technical faults in the plan. The shortcomings in question would allow anyone to easily defeat the measure with little technical effort.

Please note, the testimony referenced above was delivered on May 11, 1993. However, that doesn't change its applicability today. In fact, current pressure being applied by law enforcement and intelligence officials over end-to-end encrypted communications appears eerily reminiscent of a similar battle nearly 25 years ago.

Last week, FBI Director James Comey again pushed forward arguments for law enforcement "backdoors" into encrypted communication applications. Comey claimed that the gunmen who attempted to attack a Texas anti-Muslim cartoon event used encrypted communications several times on the day of the attack to contact an overseas individual tied to terrorism. The revelation is part of a renewed lobbying effort to get technology providers to provide what Comey once described as a "golden key" to access encrypted communications. Though the FBI director reluctantly dropped his lobbying efforts for such a backdoor this summer, the attacks in Paris and San Bernardino have raised the issue again. Even President Obama recently asked for technology companies to help give the government access to communications over messaging applications and social media.


Kaspersky Antivirus Multiple Memory Corruption Vulnerabilities
Multiple Kaspersky Products Certificate Handling Directory Traversal Vulnerability
Multiple Kaspersky Products Local Security Bypass Vulnerability

I feel our data is best used to provide context to your own logs. So far, there wasn't an easy way to look up a good number of IP addresses to annotate your logs. We do have an API, but that requires scripting on your end to use. Our most recent experiment makes annotating your logs as easy as copy / paste. All you need to do is copy and paste a log snippet to our Color My Logs page, and the snippet will be marked up with our data.

Any IPs found in your log will be colored based on our risk rating. We are still refining the risk rating, so any feedback is very welcome. Please let us know if you run into a log that isn't parsed correctly or if you experience any other issues.

For a quick run through and some additional details, see this YouTube video.

Johannes B. Ullrich, Ph.D.


A payload that's been modified so it can't be misused. Malicious hackers are using it to perform an object injection attack that leads to a full remote command execution. (credit: Sucuri)

Attackers are actively exploiting a critical remote command-execution vulnerability that has plagued the Joomla content management system for almost eight years, security researchers said.

A patch for the vulnerability, which affects versions 1.5 through 3.4.5, was released Monday morning. It was too late: the bug was already being exploited in the wild, researchers from security firm Sucuri warned in a blog post. The attacks started on Saturday from a handful of IP addresses and by Sunday included hundreds of exploit attempts to sites monitored by Sucuri.

"Today (Dec 14th), the wave of attacks is even bigger, with basically every site and honeypot we have being attacked," the blog post reported. "That means that probably every other Joomla site out there is being targeted as well."



(credit: @coldhakca)

Twitter has warned dozens of users that their account data may have been targeted by state-sponsored hackers.

In e-mails sent to security researchers, journalists, and activists over the past few days, Twitter officials said there's no evidence the attacks were successful. Still, the messages said Twitter officials are actively investigating the possibility that the accounts were breached. Dozens of users have reported receiving the advisory, with this list showing 36 people and this one listing 32 users.

"As a precaution, we are alerting you that your Twitter account is one of a small group of accounts that may have been targeted by state-sponsored actors," one e-mail warned. "We believe that these actors (possibly associated with a government) may have been trying to obtain information such as e-mail addresses, IP addresses and/or phone numbers."


Google Chrome Prior to 47.0.2526.80 Multiple Security Vulnerabilities
PHPMailer 'class.phpmailer.php' Security Bypass Vulnerability
[ERPSCAN-15-021] SAP NetWeaver 7.4 - SQL Injection vulnerability
ERPSCAN Research Advisory [ERPSCAN-15-022] SAP NetWeaver 7.4 - XSS
[SECURITY] [DSA 3417-1] bouncycastle security update

Qubes OS, the security-focused operating system that Edward Snowden said in November he was “really excited” about, announced this week that laptop maker Purism will ship their privacy-focused Librem 13 notebook with Qubes pre-installed.

Built on a security-hardened version of the Xen hypervisor, Qubes protects users by allowing them to partition their digital lives into virtual machines. Rather than focus solely on security by correctness, or hide behind security by obscurity, Qubes implements security by isolation—the OS assumes that the device will eventually be breached, and compartmentalises all of its various subsystems to prevent an attacker from gaining full control of the device. Qubes supports Fedora and Debian Linux VMs, and Windows 7 VMs.

One of the biggest problems with Qubes is that hardware support can be tricky. In order to take full advantage of the OS's many innovative security features, you'll need a CPU that supports virtualisation technology, including both Intel VT-x (or AMD-v) and Intel VT-d (or IOMMU), plus a BIOS with TPM (for Anti-Evil Maid). Running a dozen VMs or more, as many Qubes users do, can be resource-intensive, so plenty of RAM and a fast processor are essential.


WebKit Multiple Unspecified Memory Corruption Vulnerabilities
WebKit Multiple Unspecified Memory Corruption Vulnerabilities
WebKit CVE-2015-7050 Information Disclosure Vulnerability

Posted by InfoSec News on Dec 14


By Dawn Rhodes
Chicago Tribune
December 13, 2015

Four men from New York by way of Russia and Kazakhstan were charged with
felonies after allegedly stealing financial information from ATMs in

Irmiyo Izraelov, 24; Bakai Marat-Uulu, 23; Yevgeniy A. Dubovskiy, 24; and
Konstantin Miroshnikov, 24, all of Brooklyn, appeared in bond court...

Posted by InfoSec News on Dec 14


By Sean Gallagher
Ars Technica
Dec 10, 2015

When the freighter El Faro was lost in a hurricane on October 1, one of
the goals of the salvage operation was to recover its voyage data recorder
(VDR)—the maritime equivalent of the "black box" carried aboard airliners.
The VDR, required aboard all large...

Posted by InfoSec News on Dec 14


By Michael Cooney
Network World
Dec 11, 2015

The diversity and capabilities as well as a lack of security found in the
multitude of devices in the Internet of Things world is making people at
the US Department of Homeland Security more than a little concerned.

This week it put out a call for “novel ideas and technologies...

Posted by InfoSec News on Dec 14


GoLocalProv News Team
December 13, 2015

The City of Providence’s website was hacked on Sunday morning, and
following the hacker posting an ominous message claiming to have control
of sensitive data and that the data is for sale, the city and the hacker
have given conflicting reports as to the impact.

It is unknown what data, if any, is...

Posted by InfoSec News on Dec 14


By Steve Morgan
Forbes / Tech
Dec 13, 2015

There’s a showdown between the world’s largest corporations, governments,
and cybersecurity companies who are going up against a global network of
cyber criminals.

The British insurance company Lloyd’s estimates that cyber attacks cost
businesses as much as...

ECommerceMajor SQL Injection Vulnerability
[SECURITY] [DSA 3416-1] libphp-phpmailer security update