(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

SC Magazine

InfoSec 2016: 3/4 experts agree working together crucial to incident response
SC Magazine
Final speaker was Calvin Dickinson, director of information security for Amgen. Dickinson seemed to mean businesses when he said, “In a previous life I used to work for Electronic Arts and I used to not take it as seriously because it is 'just a game ...
#Infosec16: Beware Incident Response Sucker Punch - Infosecurity Magazine



Attackers are exploiting a critical vulnerability in Adobe's widely used Flash Player, and Adobe says it won't have a patch ready until later this week.

The active zero-day exploit works against the most recent Flash version and was detected earlier this month by researchers from antivirus provider Kaspersky Lab, according to a blog post published Tuesday by Costin Raiu, the director of the company's global research and analysis team. It's being carried out by "ScarCruft," the name Kaspersky has given to a relatively new hacking group engaged in "advanced persistent threat" campaigns that target companies and organizations for high-value information and data. Raiu wrote:

ScarCruft is a relatively new APT group; victims have been observed in several countries, including Russia, Nepal, South Korea, China, India, Kuwait and Romania. The group has several ongoing operations utilizing multiple exploits—two for Adobe Flash and one for Microsoft Internet Explorer.

Currently, the group is engaged in two major operations: Operation Daybreak and Operation Erebus. The first of them, Operation Daybreak, appears to have been launched by ScarCruft in March 2016 and employs a previously unknown (0-day) Adobe Flash Player exploit, focusing on high profile victims. The other one, “Operation Erebus” employs an older exploit, for CVE-2016-4117 and leverages watering holes. It is also possible that the group deployed another zero day exploit, CVE-2016-0147, which was patched in April.

We will publish more details about the attack once Adobe patches the vulnerability, which should be on June 16. Until then, we confirm that Microsoft EMET is effective at mitigating the attacks. Additionally, our products detect and block the exploit, as well as the malware used by the ScarCruft APT threat actor.

The currently unfixed vulnerability is indexed as CVE-2016-4171. Adobe's bare-bones advisory is here.



Johannes B. Ullrich, Ph.D.



A hack on the Democratic National Committee has given attackers access to a massive trove of data, including all opposition research into presidential candidate Donald Trump and almost a year's worth of private e-mail and chat messages, according to a published report.

In an article published Wednesday, The Washington Post reported that researchers with CrowdStrike, the security firm DNC officials hired to investigate and contain the breach, determined the intrusions were carried out by two separate hacker groups that both worked for the Russian government. One, dubbed Cozy Bear, gained access last summer and has been monitoring committee members' e-mail and chat communications. The other is known as Fancy Bear and is believed to have broken into the network in late April. It was the latter intrusion that obtained the entire database of Trump opposition and later tipped off IT team members the network may have been breached.

The DNC intrusion is just one of several targeting US political organizations, the WaPo said, with the networks of Trump, rival presidential candidate Hillary Clinton, and some Republican political action committees also being targeted by Russian spies. Details about those campaigns weren't available. The hackers who penetrated the DNC network were expelled last weekend. No financial or donor information appears to have been taken, leading analysts to suspect the attack was a case of traditional espionage and not the work of criminal hackers. According to Wednesday's report:



When President Barack Obama took office in 2009, he pushed to keep his BlackBerry. Instead, he was issued another BlackBerry device—a BlackBerry 8830 World Edition with extra crypto—for unclassified calls and e-mail. Until recently, Obama continued to carry a BlackBerry handset, but mobile device technology shifts have finally caught up with the White House. Sadly, the Obamaberry is no more.

In an appearance on Late Night with Jimmy Fallon, Barack Obama noted that he now carries a secure "smartphone" that is so locked down that he compared it to an infant's toy phone. While Obama didn't mention the type of handset he now carries, there's only one mobile device supported by the Defense Information Systems Agency—the agency that provides the White House with communications services. That phone is a "hardened" Samsung Galaxy S4.


The S4 is currently the only device supported under DISA's DOD Mobility Classified Capability-Secret (DMCC-S) program. In 2014, a number of Samsung devices were the first to win approval from the National Security Agency under its National Information Assurance Partnership (NIAP) Commercial Solutions for Classified (CSfC) program—largely because of Samsung's KNOX security technology. And the S4, layered with services managed by DISA, is the first commercial phone to get approval to connect to the Secret classified DOD SIPRNet network.



SC Magazine

Cloud Apps Just As Secure As On-Premise Apps, Say InfoSec Pros
Dark Reading
Fifty-two percent of respondents to the Bitglass survey of 2,200 information security professionals said they believe cloud apps are at least as secure as on-premise apps (17% say more secure; 35% as secure). Enterprise confidence in cloud apps has ...
InfoSec 2016: EU GDPR - Don't panic, prioritise - and do the right thing for your customers - SC Magazine



William Hague to InfoSec community: 'there can be no absolute right to privacy'
Tamlin is online editor at ComputerworldUK and Techworld. He has previously covered a wide range of beats at a variety of publications, from European channel markets, enterprise cloud and privacy to architecture, design, film and music. He is ...
InfoSec 2016: Lord Hague says there is no "absolute right to privacy" - SC Magazine UK
Surveillance forestalls more 'draconian' police powers – William Hague - The Register


SC Magazine UK

InfoSec 2016: How to manage huge risk of privileged insiders
SC Magazine UK
The panel was chaired by Mike St John-Green, principal analyst and technical advisor at the Information Security Forum. He started with a question that bordered on the existential: Why are we here? Simply put, in the drive to make themselves more ...


Network World

5 InfoSec concerns for colleges and universities
Network World
No industry or sector is immune to data breaches, but some are targeted more often than others. Education came ahead of government, retail and financial sectors, and it was second only to healthcare on Trend Micro's list of the most-breached industries.


Security Think Tank: Infosec pros need to identify and protect GDPR-relevant data
Infosec professionals should therefore be prepared to acknowledge, analyse and then safeguard GDPR relevant datasets. However, this is easier said than done, as protection levels and risk classifications must be extended from traditional personal data ...


The Register

Cisco is to spend $10m on infosec scholarships to 'widen talent pool'
The Register
Cisco is setting up a $10m scholarship fund to train the next generation of IT security staff. The Global Cybersecurity Scholarship Program will run for two years and will pay for 10,000 applicants to be trained in the art of cyber security. It ...


TechWeekEurope UK

Infosec 2016: Two Thirds Of Security Pros Say Brexit Won't Hurt UK's Cyber Defence
TechWeekEurope UK
A survey of almost 300 infosecurity professionals at Infosec 2016 in London has found two thirds believe a Brexit scenario won't have any impact on the ability of the UK to defend itself against cyber attacks. The EU referendum is set to be held on ...

[SECURITY] [DSA 3602-1] php5 security update
Bashi v1.6 iOS - Persistent Mail Encoding Vulnerability

The Register

Man-in-the-middle biz Blue Coat bought by Symantec: Infosec bods are worried
The Register
Analysis Symantec's deal to buy Blue Coat, the controversial web filtering firm, for $4.65bn will bolster its enterprise security business. But some security experts are concerned about the potential for conflict of interest created by housing ...
Symantec To Spend $4.65 Billion On Blue Coat - Dark Reading


Security Intelligence (blog)

Say Goodbye to the Angler Exploit Kit
Security Intelligence (blog)
... Neutrino exploit kit. The SANS ISC Infosec Forum also noted that CryptXXX is starting to show up as a Neutrino-associated malware, something that researchers hadn't seen before. It seems that there is a demonstrable shift in malware distribution ...


LockPath Joins American National Standards Institute to Provide ISO Content
Marketwired (press release)
LockPath's Keylight Platform assists organizations in achieving an ISO certification whether they're building an information security management system from the ground up in the hopes of achieving certification, or if they're already certified and need ...



A German university student has demonstrated an effective way to get code of his choosing to run on the computers of software developers, at least some of whom work for US governmental and military organizations.

The eye-opening (if ethically questionable) research was conducted by University of Hamburg student Nikolai Philipp Tschacher as part of his bachelor thesis. Using a variation of a decade-old attack known as typosquatting, he uploaded his code to three popular developer communities and gave them names that were similar to widely used packages already submitted by other users. Over a span of several months, his imposter code was executed more than 45,000 times on more than 17,000 separate domains, and more than half the time his code was given all-powerful administrative rights. Two of the affected domains ended in .mil, an indication that people inside the US military had run his script.

"There were also 23 .gov domains from governmental institutions of the United States," Tschacher wrote in his thesis. "This number is highly alarming, because taking over hosts in US research laboratories and governmental institutions may have potentially disastrous consequences for them."


Oracle Orakill.exe Buffer Overflow
[SECURITY] [DSA 3601-1] icedove security update

Out of the Blue and into the Black?
Lawfare (blog)
Indeed, since the time that President Ronald Reagan asked for an assessment of U.S. information security after watching the popular Matthew Broderick movie “War Games,” one blue ribbon panel after another has been warning about our vulnerability to ...


iT News

Queensland govt's tech workload shrinks
iT News
The budget includes money for an $11 million whole-of-government cyber security strategy, to be based around the establishment of a dedicated infosec capability within the government. The new unit was announced back in February. iTnews has sought ...
