Hackin9

Security News You Might Have Missed: Microsoft Sues the Government Over Secret Cloud Data Searches
Forbes
(How this will impact the percentage of rejections remains to be seen.) Here's a recap of additional security news you might have missed this week, along with some tips on tools or features you may wish to uninstall, disable, update, or download ...

 

Is the FBI Hiding a Firefox Zero-Day?
Softpedia News
A question posed by a researcher from the International Computer Science Institute in Berkeley, California has led many to believe, even us, that the FBI may be sitting on a Firefox zero-day which it is currently fighting in US courts to keep secret ...

 

Senate to Americans: Your security is not our problem
Engadget
Bad Password is a weekly hacking and security column examining infosec and our ever-eroding "privacy." ...

 


More than 3 million Internet-accessible servers are at risk of being infected with crypto ransomware because they're running vulnerable software, including out-of-date versions of Red Hat's JBoss enterprise application, researchers from Cisco Systems said Friday.

About 2,100 of those servers have already been compromised by webshells that give attackers persistent control over the machines, making it possible for them to be infected at any time, the Cisco researchers reported in a blog post. The compromised servers are connected to about 1,600 different IP addresses belonging to schools, governments, aviation companies, and other types of organizations.

Some of the compromised servers belonged to school districts that were running the Destiny management system that many school libraries use to keep track of books and other assets. Cisco representatives notified officials at Destiny developer Follett Learning of the compromise, and the Follett officials said they fixed a security vulnerability in the program. Follett also told Cisco the updated Destiny software also scans computers for signs of infection and removes any identified backdoors.


 
[SECURITY] [DSA 3550-1] openssh security update
 

I just had to block a couple of IP addresses from access to our site because they flooded it with several requests a second. Mostly Amazon WS IPs... Just as a reminder: We like for people to use our data. If you need bulk access, shoot me an e-mail (jullrich -/@/- sans.edu). And if you write scripts to harvest our data (which is OK!), then please add an email address or other contact information to your user agent so we can get in touch if there is a problem.

---
Johannes B. Ullrich, Ph.D.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Crooks Combine Gozi and Nymaim Trojans to Steal Money from 24 Banks
Softpedia News
During the month of April, security researchers from IBM have spotted a new trojan that appears to be the spawn of the Gozi banking trojan and the Nymaim dropper/ransomware. Dubbed GozNym, researchers say this trojan was used in attacks against the ...

 
[ERPSCAN-16-001] SAP NetWeaver 7.4 - XSS vulnerability
 
[ERPSCAN-16-002] SAP HANA - log injection and no size restriction
 
[ERPSCAN-16-003] SAP NetWeaver 7.4 - cryptographic issues
 
Microsoft Internet Explorer 11 MSHTML.DLL Remote Binary Planting Vulnerability
 

TippingPoint's Zero Day Initiative made two vulnerabilities for QuickTime in Windows public yesterday [1][2]. The two vulnerabilities do allow remote code execution, but there is a bit of user interaction required in that the user has to visit a web page with a malicious file to get exposed to the exploit. The CVSS score for both vulnerabilities is 6.8.

Usually, I would point to a patch at this point. But Apple responded to TippingPoint stating that QuickTime for Windows is no longer a supported product, and no updates will be released to fix these two vulnerabilities.

Apple published a page with details about how to uninstall QuickTime [3]. But I can't find any other official announcement from Apple about the state of QuickTime, other than the TippingPoint vulnerability release. As part of the uninstall instructions, Apple recommends searching for "Uninstall QuickTime". Please make sure to only search locally; do not use a Bing/Google/... search, as it may lead to suspect software. A quick check I just did shows that there are at least a couple of spammy links in Bing.

[1] http://zerodayinitiative.com/advisories/ZDI-16-241/
[2] http://zerodayinitiative.com/advisories/ZDI-16-242/
[3] https://support.apple.com/HT205771

---
Johannes B. Ullrich, Ph.D.
 

The InfoSec Landscape Is Changing, And No One Is Safe
Seeking Alpha
In the dynamic world of cloud computing and the Internet of Things, it is no news that cyber security has been a hot topic for both service and equipment providers in the tech landscape. It seems that every enterprise, every endpoint and every user is ...

 

Why there is a cybersecurity gender gap—and how to close it
CIO Dive
The good news is the field of cybersecurity is growing rapidly, which should help draw a wide array of professionals. "I believe more ... "Networking with other women in infosec has been immensely helpful for me," said DeGrippo. "Having that network of ...

 
[SECURITY] [DSA 3549-1] chromium-browser security update
 

Infamous Mario Kart level Is The Inspiration Behind Tesla Easter Egg
Techworm
Known for including fun little Easter Eggs in its software, Tesla's latest update is no different. A recently discovered Easter egg transforms the dull grey road shown on a Tesla's instrument cluster into a colorful path that resembles the notoriously ...

 
AST-2016-005: TCP denial of service in PJProject
 
AST-2016-004: Long Contact URIs in REGISTER requests can crash Asterisk
 
NEW VMSA-2016-0004 VMware product updates address a critical security issue in the VMware Client Integration Plugin
 
ESA-2016-036: EMC Unisphere for VMAX Virtual Appliance Arbitrary File Upload Vulnerability
 