InfoSec News

The Nitol botnet controlled more than 500 strains of embedded malware that Microsoft says has been plaguing the PC supply chain.

Linux Kernel SFC Driver CVE-2012-3412 Remote Denial of Service Vulnerability
Linux Kernel 'madvise_remove()' Function Local Denial of Service Vulnerability

There have been a lot of data leaks of email, password, credit card information and more lately. I wanted to take a moment and remind everyone about the Internet Storm Center's and the SANS Institute's commitment to protecting private information as outlined in our ISC/DShield Privacy Policy at https://isc.sans.edu/privacy.html.

Additionally, any source information in DShield submissions as well as any other project such as the 404project are anonymised in public reports.

I'll give a brief summary here and you can follow the links for complete details.

The first line of the policy is its Last Updated date, so you'll know immediately whether there have been any recent changes.

1. How We Gather Information - https://isc.sans.edu/privacy.html#1

The ISC Portal system saves your information and references it to your email address and password.

2. Log Files - https://isc.sans.edu/privacy.html#2

Web logs are stored and used to analyze trends, to administer the site, and to track how visitors interact with the site.

3. Cookies - https://isc.sans.edu/privacy.html#3

ISC may use both session ID cookies and persistent cookies. We use session cookies to make it easier for you to navigate our site. You can remove your ISC Portal login cookie by clicking the Logout link.

4. How We Protect Your Personal Information - https://isc.sans.edu/privacy.html#4

ISC safeguards the security of the data you send us with physical, electronic, and managerial procedures. The ISC website uses SSL v3 and TLS v1 encryption on all web pages where personal information is submitted.

5. Access To Your Personal Information - https://isc.sans.edu/privacy.html#5

To review and update your personal contact information, simply click https://isc.sans.edu/login.html and log in with your email address and password, then click My Information.

6. Notifications and Promotional Email - https://isc.sans.edu/privacy.html#6

You are free to opt-in and/or opt-out of any notification or email.

7. Links To Other Sites - https://isc.sans.edu/privacy.html#7

The ISC web site contains links to other sites that are not owned or controlled by ISC. Please be aware that the ISC is not responsible for the privacy practices of such other sites.

8. Affiliates And Subsidiaries - https://isc.sans.edu/privacy.html#8

DShield.org provides Google Ads and uses Google Analytics in certain areas of the site.

9. Information Obtained From Third Parties - https://isc.sans.edu/privacy.html#9

ISC does not sell or trade your personal information. We may at times receive contact lists from other organizations. We may send mailings such as brochures to these addresses.

10. Changes To This Privacy Statement - https://isc.sans.edu/privacy.html#10

If we decide to change our privacy policy, we will post those changes to this privacy statement, the homepage, and other places we deem appropriate so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.

11. Contact Us - https://isc.sans.edu/privacy.html#11

If you have any questions or suggestions regarding our privacy policy, please contact us at [email protected]

Post suggestions or comments in the section below or send us any questions or comments in the contact form on https://isc.sans.edu/contact.html#contact-form


Adam Swanger, Web Developer (GWEB, GWAPT)

Internet Storm Center https://isc.sans.edu (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

IG Questions Infosec Efforts at Commerce Unit
The federal agency that advises the American president on telecommunications and information policy issues needs to step up its IT security efforts. The information systems at the Commerce Department's National Telecommunications and Information ...

Tech stocks rallied Friday as markets rode a wave of euphoria over the U.S. Federal Reserve's commitment to buy bonds to boost the economy and as excitement over Apple's iPhone 5 got industry analysts talking about an "iPhone stimulus."
AT&T and Verizon today emptied their iPhone 5 pre-order inventories, and now show delivery dates as far out as three weeks.
This year's Intel Developer Forum was upstaged by Apple's iPhone 5 launch event, which to some show attendees felt like a reprise of last year, when IDF had to compete with Microsoft's Build conference.
An administrative law judge at the U.S. International Trade Commission (USITC) has ruled that Apple does not infringe four computing and mobile patents held by Samsung.
Microsoft has uncovered a vulnerability in the PC supply chain that allows hackers to pre-install malware-infected copies of Windows onto new machines.
IOServer Directory Traversal Vulnerability
Mozilla Firefox CVE-2012-3973 Security Bypass Vulnerability
[SECURITY] [DSA 2548-1] tor security update
Apple apparently made the right decision to omit NFC from the iPhone 5, given that 68% of U.S. consumers prefer to buy goods using cash and credit cards over mobile wallets, according to a recent consumer survey.
[ MDVSA-2012:152 ] bind
For the first time in a generation, PCs accounted for less than half of the leading type of semiconductor memory in the second quarter of this year.
Over half of Android devices are vulnerable to known security flaws that can be exploited by malicious applications to gain complete access to the operating system and the data stored on it, according to a report from mobile security firm Duo Security.
In the development version of Chrome, Google has now included an option that lets users specify whether they want to set a Do Not Track header when visiting web sites.

We received a report of a recent scam that persuaded the victim to click on a link that claimed to be a recorded voice mail message. (Thanks for the pointer, Sean Thomas.)
According to VCU, the scammer's message had the following contents:

Subject: Voice Mail from 703-892-1228 (55 seconds)
You received a voice mail : N_V50-062-NIDS.WAV (182 KB)

Email-Id:[email protected]

This e-mail contains a voice message.

Double click on the link to listen the message.

Sent by Microsoft Exchange Server

Better Business Bureau published a screenshot of a similar message. According to BBB, although the attachment appears to be a .wav audio file, it is really an HTML link that redirects recipients to a malicious website: the message claims to contain a WAV file, but merely includes a link that claims to allow the victim to play that voice mail.
XtremeComputer.com examined one instance of this attack, stating that the link directed the recipient to hxxp: //tweetsbazaar.com /5ACeRRyc /index.html or hxxp: //www.luckylu.de / EuaWg3cd / index.html. The victim's browser was then presented with a malicious Java applet Gam.jar and was further redirected to a URL at 173.255.221.74.
The Jsunpack website captured contents of one instance of the exploit being delivered via Gam.jar from 173.255.221.74, which (not surprisingly) contained the malicious Java applet and obfuscated JavaScript. This looks like an instance of the Blackhole Exploit Kit.
If you have additional details regarding this scam and the associated client-side attack, please let us know or leave a comment.

-- Lenny Zeltser
Lenny Zeltser focuses on safeguarding customers' IT operations at NCR Corp. He also teaches how to analyze malware at SANS Institute. Lenny is active on Twitter and writes a security blog.
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Apple today exhausted its supply of the iPhone 5 within an hour of opening its online store for pre-orders, and now is telling customers that their orders won't ship for two weeks.
Facebook's store of data about its users holds some surprises, and not just in the sheer quantity of data it is sitting on. Among the surprises it held for me was SAupsk.
Experts have discovered a problem with the internet's standard SSL encryption which arises where content has undergone prior compression. Happily, affected browser producers have already reacted to the issue.

Tests show just how easy it is for data sniffers to send and receive messages in the name of other WhatsApp users. Once an account has been hacked, there is no way to protect it from further unauthorised access.

Facebook photo protection fails, learning spammers, all the PIN numbers, 20 years of DEF CON, a world of malware, legal Wi-Fi wiretapping, and a security rock star at Twitter

A new URL generation algorithm and domain obfuscation are among the new features designed to trip up malware analysis and avoid detection.

Xen 'PHYSDEVOP_map_pirq' Index CVE-2012-3498 Denial of Service Vulnerability
Amazon Web Services has made it possible to connect to its Virtual Private Cloud service using static routing, while also allowing enterprises to run SQL Server within the private cloud.
A 2011 investigation into pre-loaded malware on new PCs in China has culminated in Microsoft getting a court order to take over the 3322.org domain to block malware.

OpenSLP 'SLPIntersectStringList()' Function Denial of Service Vulnerability
The company also moves forward on a Python client library for Google APIs.
A U.S. congressional committee appeared to come away still in doubt about the security of networking equipment from Chinese firms Huawei Technologies and ZTE after holding a Thursday hearing in which the two companies tried to dispel allegations that they were tied to the Chinese government.
The 'CRIME' attack announced last week exploits the data compression scheme used by the TLS (Transport Layer Security) and SPDY protocols to decrypt user authentication cookies from HTTPS traffic.
The U.S. Federal Communications Commission says it will act by the end of the year on a White House-appointed panel's recommendation to have federal agencies share 100MHz of spectrum with commercial users.
The U.S. House is moving closer to acting on legislation that makes green cards available to as many as 55,000 foreign nationals who have earned advanced degrees in science, technology, engineering or math -- the so-called STEM fields.
Amazon's newest Kindle, the 7-in. Kindle Fire HD, is a great buy if you're an Amazon customer, but it falls short as a general-purpose tablet.
Google has blocked access in India to a YouTube film trailer that mocks the Prophet Muhammad, claiming it was meeting a valid legal process, the company said on Friday.
The Austrian national CERT warns that crashes can be triggered using an overly long data field in version 9 of the open source DNS server BIND.

qdPM Arbitrary File Upload Vulnerability
udev Netlink Message Validation Local Privilege Escalation Vulnerability
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-3969 Heap Buffer Overflow Vulnerability
Mozilla Firefox/SeaMonkey/Thunderbird Information Disclosure Vulnerability
PHP 'main/SAPI.c' CVE-2012-4388 HTTP Header Injection Vulnerability
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1972 Use-After-Free Memory Corruption Vulnerability

Police databases have major security flaws (The Age)
Victorian police databases for firearm licences, sex offenders and personnel have major security flaws, according to the state's Commissioner for Law Enforcement Data Security. The Commission reviewed these systems during 2011-12 and delivered its ...