Advantech WebAccess CVE-2014-0768 Stack-Based Buffer Overflow Vulnerability
Advantech WebAccess CVE-2014-0764 Stack-Based Buffer Overflow Vulnerability
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Canadian police have arrested a 19-year-old man for allegedly using the Heartbleed bug to steal data about taxpayers.
Falling hardware sales and the cost of layoffs hit IBM's profit hard in the first quarter, sending it down 21 percent from a year earlier.
Xscreensaver Local Denial Of Service Vulnerability
SpringSource Grails CVE-2012-1833 Security Bypass Vulnerability

It looks like, as I had suspected, the CRL activity numbers we have been seeing did not reflect the real volume caused by the OpenSSL Heartbleed bug.

This evening I noticed a massive spike in the amount of revocations being reported by this CRL: http://crl.globalsign.com/gs/gsorganizationvalg2.crl

The spike is so large that we initially thought it was a mistake, but we have since confirmed that it's real! We're talking about over 50,000 unique revocations from a single CRL:

This is by an order of magnitude the largest spike in revocation activity seen in years, according to our current data.

We have set up a new page for everyone to monitor the activity as well as see how we are obtaining this data. The page can be found at https://isc.sans.edu/crls.html.

How will you use this page in your projects or general analysis? We'd love to hear some ideas.

If you know of other CRLs that we can add, please let us know in the comments! Additionally, if you would like to see an API call added so that you can automatically query us for this information, please let us know so that we are aware of the demand.

On a side note, we can see a clear upward trend in revocations over the past 3 or 4 years:

What do you attribute this consistent growth in revocations to? What do you think caused the previous spikes?

Alex Stanford - GIAC GWEB,
Research Operations Manager,
SANS Internet Storm Center

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Melissa Andrews, a resident of Canada, is a cyber security "cop" for Payza, an international e-commerce payment platform operating in 97 countries. Her job, described by the company's public relations firm as "the worst security job on the Internet," is to protect the public from illegal, and many times revolting, content, by shutting the sites down and alerting authorities about criminal activity. She spoke with CSO this week about her job and why she is proud of what she does.

Private encryption keys have been successfully extracted multiple times from a virtual private network server running the widely used OpenVPN application with a vulnerable version of OpenSSL, adding yet more urgency to the call for operators to fully protect their systems against the catastrophic Heartbleed bug.

Developers who maintain the open source OpenVPN package previously warned that private keys underpinning VPN sessions were vulnerable to Heartbleed. But until Wednesday, there was no public confirmation such a devastating theft was feasible in real-world settings, said Fredrik Strömberg, the operator of a Sweden-based VPN service who carried out the attacks on a test server. An attacker carrying out a malicious attack could use the same exploit to impersonate a target's VPN server and, in some cases, decrypt traffic passing between an end user and the real VPN server.

Wednesday's confirmation means any OpenVPN server—and likely servers using any other VPN application that may rely on OpenSSL—should follow the multistep path for recovering from Heartbleed, which is among the most serious bugs ever to hit the Internet. The first step is to update the OpenSSL library to the latest version. That step is crucial but by no means sufficient. Because Heartbleed may have leaked the private key that undergirds all VPN sessions, updated users may still be susceptible to attacks by anyone who may have exploited the vulnerability and made off with the key. To fully recover from Heartbleed, administrators should also revoke their old key certificates, ensure all end user applications are updated with a current certificate revocation list, and reissue new keys.

Read 4 remaining paragraphs | Comments

Multiple HP Products CVE-2013-6216 Privilege Escalation Vulnerability
A federal court has affirmed contempt charges against Lavabit, rejecting an attempt by company attorneys to argue new issues on appeal.
Google reported a 19 percent increase in revenue for the first quarter, but results from its advertising business were mixed.
Smartwatches for use on AT&T's network will be out this year, a company executive said Wednesday.
Ahead of the big New York Auto Show, several car companies today displayed in-vehicle infotainment systems that connect to smartphones to use mobile apps, music playlists, calling features and calendars.
Louisiana and Pennsylvania could become the latest states to impose restrictions on the use of commercial drone aircraft over their airspace.
Icinga 'cgi/cmd.c' Stack Buffer Overflow Vulnerability
The digital divide isn't some esoteric, policy-wonk concept to Michael Liiamatta, president of Connecting for Good, a nonprofit IT support group based in Kansas City, Mo.
Users of Google's Chrome continue to badger the company to change the browser's new tab page, a sore spot to some for over half a year, even as the Mountain View, Calif. firm sticks to its design guns.
Internet users may soon start to see more ads that look like posts from Google+, but without visiting the social network.
Google Chrome Prior to 34.0.1847.116 Multiple Security Vulnerabilities
Microsoft Internet Explorer CVE-2014-1760 Memory Corruption Vulnerability
Microsoft Internet Explorer CVE-2014-1752 Memory Corruption Vulnerability
Microsoft Internet Explorer CVE-2014-1751 Memory Corruption Vulnerability
The transition from copper-based telephone systems to IP networks in the U.S. could become swept up in political fallout as the FCC figures out how to regulate such networks in ways that will appease the courts.
A new webmail service called Lavaboom promises to provide easy-to-use email encryption without ever learning its users' private encryption keys or message contents.
An approach that has worked for centuries in all sorts of industries is just as applicable to the security field.
[SECURITY] [DSA 2907-1] Announcement of long term support for Debian oldstable

Reader Philipp reported today a bug affecting his remaining Windows XP machines and Windows 2003 servers. Seems to be that all Windows XP and Windows 2003 machines with SC Forefront Endpoint Protection definition update and later are affected. You might want to test definition update, as we have received reports stating that it fixes the problem. However, we have not seen yet any official statement from Microsoft regarding this issue.

If you disable Forefront because it's not letting your machine work, please place other controls that minimize the associated risk. Otherwise, your computers could be so easily hacked.

We also receive questions on which AV is the best. Since the answer is it depends on the company and the information security assets, you might want to check the Magic Quadrant for Endpoint Protection from Gartner Group and try to find yourself what is the best answer for your company. If you want to read the entire file, you can have it from Mcafee or Computerlinks.

We will update this diary if more information becomes available.

More information available at:

Manuel Humberto Santander Pelaez
SANS Internet Storm Center - Handler
e-mail: msantand at isc dot sans dot org

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
As "bring your own device" (BYOD) reshapes the way organizations handle technology, how do we handle the uncertainty of legal liability and security concerns?
[CORE-2014-0003] - SAP Router Password Timing Attack
[ MDVSA-2014:078 ] asterisk
[SECURITY] Stored Cross Site Scripting in Ektron CMS 8.7
Oracle has issued a comprehensive list of its software that may or may not be affected by the OpenSSL (secure sockets layer) vulnerability known as Heartbleed, while warning that no fixes are yet available for some likely affected products.
LinuxSecurity.com: Multiple vulnerabilities has been discovered and corrected in asterisk: Sending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack. You could even exhaust memory if you sent an unlimited number of headers in the request [More...]
LinuxSecurity.com: Updated java-1.6.0-openjdk packages that fix various security issues and one bug are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having [More...]
LinuxSecurity.com: Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Critical [More...]
LinuxSecurity.com: Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having [More...]
LinuxSecurity.com: Security Report Summary
ESA-2014-028: EMC Cloud Tiering Appliance XML External Entity (XXE) and Information Disclosure Vulnerabilities
The Samsung Galaxy S5 comes with an "astronomical" cost for materials of $251.52 for the 32 GB version, according to a teardown estimate by IHS Technology.
As data volumes grow, figuring out how to unlock value becomes vastly important. Hadoop enables the processing of large data sets in a distributed environment and has become almost synonymous with big data. Here are 10 startups with solutions for unlocking big data value.
[security bulletin] HPSBMU02999 rev.1 - HP Software Autonomy WorkSite Server (On-Premises Software), Running OpenSSL, Remote Disclosure of Information
SQL Injection in mAdserve
Just days before Microsoft retired Windows XP from public support, the company drastically reduced the price of custom support agreements that give large companies and government agencies another year of XP patches, experts reported today.
[security bulletin] HPSBUX03001 SSRT101382 rev.1 - HP-UX Whitelisting (WLI), Local System Integrity Risk

Oracle released its quarterly Criticical Patch Update (CPU) yesterday [1]. As usual, the number of patches is quite intimidating. But remember these 104 fixes apply across the entire Oracle product range.

Some of the highlights:

CVE-2014-2406: A bug in Oracle's Database which allows a remotely authenticated user to gain control over the database.

37 new patches for Java SE, 35 of which allow remote execution as the user running the Java Applet (according to Oracle: "The CVSS scores below assume that a user running a Java applet or Java Web Start application has administrator privileges (typical on Windows)".

4 of the Java vulnerabilities have a base CVSS score of 10 indicating not only full remote code execution but also easy exploitability.

[1] http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html

Johannes B. Ullrich, Ph.D.
SANS Technology Institute

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Oracle MySQL Server CVE-2014-2435 Remote Security Vulnerability
Oracle MySQL Client CVE-2014-2440 Remote Security Vulnerability
Oracle PeopleSoft Enterprise PT PeopleTools CVE-2014-2437 Remote Security Vulnerability
CVE-2014-2735 - WinSCP: missing X.509 validation
[SECURITY] [DSA 2905-1] chromium-browser security update
Oracle VM VirtualBox 'crNetRecvReadback()' Function Memory Corruption Vulnerability
Multiple Oracle Java Products 'unpack.cpp' Insecure Temporary File Creation Vulnerability
To excel in manufacturing, tech workers need to be one part tinkerer and one part visionary, with a bit of analytical acumen thrown in as well.
Microsoft is targeting the growing volume of data being generated by both machines and humans: CEO Satya Nadella on Tuesday showed off tools that could help organizations better understand -- and profit from -- this trove of information.
Red Hat is looking to advance the Docker Linux container application for wider enterprise use.
Intel shipped 5 million processors for tablets in the first quarter, but profits fell as PC sales remained weak.
Typo halted the sale of its add-on keyboard for the iPhone on Tuesday after an injunction took effect that bans it from being imported to the U.S.
In the race to protect themselves from the Heartbleed vulnerability, enterprises could be opening themselves up to new attacks if they aren't careful.
In case it wasn't clear already, Intel and Microsoft are no longer joined at the hip. Intel is trying desperately to grow its share of the tablet market, and with Windows flunking out on those devices, Android is where it's at.
Google's one-day sale of Google Glass seems to have been a success with all units sold out, a blog post by the search giant suggests.
Oracle Transportation Management CVE-2014-2460 Remote Security Vulnerability

Posted by InfoSec News on Apr 16


By Andrew Chuter
Defense News
April 15, 2014

KUALA LUMPUR -- BAE Systems Applied Intelligence business is moving the
center of its cyber software development activities to Malaysia as part of
a strategy that will see the Southeast Asian location emerge as a key
component of it growing security business, according to Richard Watson,...

Posted by InfoSec News on Apr 16


By Mathew J. Schwartz
Dark Reading

NSA denies prior knowledge of the Heartbleed vulnerability, but the White
House reserves the right to withhold zero-day exploit information is some
cases involving security or law enforcement.

The White House and National Security Agency have strongly denied reports
that the NSA had known about the Heartbleed vulnerability in...

Becrypt unveils innovative secure mobility solution at InfoSec Europe
LONDON, UK: Becrypt will be demonstrating tVolution Mini, the latest addition to its range of innovative secure mobility solutions at InfoSec Europe. tVolution Mini is a secure miniature computer the size of a credit card which plugs directly into the ...


Posted by InfoSec News on Apr 16


By Kim Yoo-chul
The Korea Times

Around 35 million of Korea's population of 52 million population use
mobile devices.

But with this rising connectedness comes increased vulnerability to
hacking; but so far, the country has failed to protect user information
from hacking and other cyber security attacks.

"It's fair to say Korea has emerged as a haven...

Posted by InfoSec News on Apr 16


By Jordan Robertson
The Age - ITPro
April 16, 2014

For those who don't feel the urgency to install the latest security fixes
for their computers or change passwords, take note: Just a day after
Heartbleed was revealed, attacks from a computer in China were launched.

The software bug, which affects a widely used...

Posted by InfoSec News on Apr 16


By Brian Krebs
Krebs on Security
April 15, 2014

Computer hard drive maker LaCie has acknowledged that a hacker break-in at
its online store exposed credit card numbers and contact information on
customers for the better part of the past year. The disclosure comes
almost a month after the breach was first disclosed by KrebsOnSecurity.

On Mar....
Internet Storm Center Infocon Status