InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
lighttpd 'http_auth.c' Remote Denial of Service Vulnerability
Multiple Cogent Datahub Products Unspecified HTTP Header Injection Vulnerability
Despite the Mac's recent gains in market share, Windows is still the dominant operating system, especially in businesses. That means there may be times when you need to run the Microsoft OS: perhaps there’s an application your company uses that’s only available for Windows, or you’re a web developer and you need to test your sites in a true native Windows web browser. Or maybe you want to play computer games that aren’t available for OS X. Whatever your reason for running Windows, there are a number of ways your Mac can do it for you.
[ MDVSA-2012:007 ] openssl
[ MDVSA-2012:006 ] openssl
[ MDVSA-2012:005 ] libxml2
While the RSA SecurID breach cost EMC's security division more than $60 million, executives admit it could take years to restore its tarnished image.

Symantec said the $115 million deal boosts its e-discovery business and offers security and antispam capabilities for on-premise and hosted email.

The Israeli banking system had to take measures yesterday when it was under attack; as a result, it blocked all outside communications and left hundreds of its clients unable to use its services.

Hannibal has continued to dump thousands of accounts as promised. Along with the account dumps comes the below message to 0xOmar and his friends. Hannibal says he will continue to support the Israeli government and will continue to attack "Arab" countries.

Salesforce on Monday said that Vivek Kundra, who was the first person to serve as CIO of the U.S. federal government, has joined the company as executive vice president of emerging markets.
Controversial online copyright enforcement bill the Stop Online Piracy Act may be stalled in the U.S. House of Representatives as lawmakers try to iron out a compromise, an opponent of the legislation said.
Linux Kernel PMC Local Denial of Service Vulnerability
HP StorageWorks Default Accounts and Directory Traversal Vulnerabilities
SAP has acquired software from Datango that will allow it to add multilingual online help and training materials to enterprise software applications.
Symantec pays $115M for provider of cloud-based data archiving and storage service
Re: Multiple XSS in KnowledgeTree Community Edition
[SECURITY] [DSA 2389-1] linux-2.6 security update
The online retailer Zappos announced yesterday a breach to their systems and has expired all password accounts on zappos.com. There is a letter to employees from Zappos CEO available on zappos.com.[1] They are urging all customers to change their Zappos account password immediately [2], also do so on accounts elsewhere if your password is in sync.
It is also being reported they have turned off company phones and request inquiries be sent to email, as their phone system capacity is not capable of the high volume.[3] ISC Handlers outside the US have reported they are unable to get to the Zappos.com sites. It appears they have opened things back up for some non-US traffic, but all traffic is not open as of this writing.
I have not read any report on this issue that indicates what day the incident was discovered. There are also no available details on how long the breach was active before being discovered by Zappos staff. However, if basic incident handling protocols are being used for this incident, then it appears the discovery of the incident is only days old, and not weeks or more. If this is true, I applaud Zappos for coming clean as quickly as possible. Far too many companies wait too long to notify their customer base.
If anyone has details they can share or reports that provide any further info, then feel free to post a comment or send it in to us directly.



Kevin Shortt
ISC Handler on Duty

2 Israeli Web Sites Crippled as Cyberwar Escalates
New York Times
But Avi Weissman, the chief executive of See Security InfoSec and Cyber Warfare College and chairman of the Israeli Forum for Information Security, a nonprofit organization, told the radio that in the cyberrealm, Israel may be a power “in terms of ...

[Announcement] ClubHack Mag - Call for Articles
[SECURITY] [DSA 2390-1] openssl security update
[SECURITY] [DSA 2388-1] t1lib security update
ATutor 2.0.3 Multiple XSS vulnerabilities
[security bulletin] HPSBST02735 SSRT100516 rev.1 - HP StorageWorks Modular Smart Array P2000 G3, Remote Execution of Arbitrary Code
Enterprises can now run Windows Server in Amazon's cloud for up to 750 hours per month at no charge, using the AWS (Amazon Web Services) Free Usage Tier, the company said on Sunday.
Over Christmas, a company that is local to cwn, Funds Focus, suffered from massive DDoS attacks, which resulted in the attackers demanding money to stop the attacks. As a result of the constant DDoS, the hosting company Melbourne IT failed to mitigate the attacks, and now the owner of Funds Focus is unhappy.

Online shoe and apparel shop Zappos.com is advising over 24 million customers to change their passwords following a data breach, but its website is currently inaccessible to people outside the U.S.
Yet again, more websites are being attacked and defaced with common messages. The attacks, which come from DevilzSec, are all hacked in the fight towards Palestine.

The U.S. Department of Homeland Security is engaging in media monitoring activity that achieves no public safety goals and will likely have a chilling effect on legitimate criticism of the agency, a leading privacy advocacy group warned.
0xOmar, the hacker who is constantly causing trouble for Israelis, has just announced that he would like all fellow hackers to join him and make a Jihadist Hackers Group.

OpenSSL ECC Private Key Information Disclosure Vulnerability
To keep pace with a fast-changing business environment, these companies are ditching inflexible legacy systems in favor of software as a service and cloud computing. Are they getting the speed, flexibility and cost savings they thought they would? Insider, registration required.
It's about time some of the bigger networks had a look into Anonymous. Even though it's short, it is fairly well put together; hope more can come out of this. It's good to see that they point out that there is more than just hackers within Anonymous.

This is part 4, which contains the sites that STK has leaked in parts 10, 11, 12, 13. So far there have been over 30 different sites with thousands of accounts dumped,

@muldaria48 has attacked and leaked 1900+ accounts from phdeb.org, the Pakistan Horticulture Development website. The attack is one of the first releases by @muldaria48.

The Nigerian Army has come under attack from hackers who have attacked its website and left it defaced. The attack has been carried out by @NaijaCyberHack, Naija Cyber Hactivists.

t1lib Type 1 Font Parsing Multiple Denial of Service Vulnerabilities
Evince AFM Font File Parser Heap Buffer Overflow Vulnerability
Gretech GOM Player '.asx' File Remote Stack Buffer Overflow Vulnerability
TFTP Server Read Request Remote Buffer Overflow Vulnerability
We have been alerted to a big dump of Xbox accounts, which is most likely the result of a phishing scam or keyloggers. All account details are in clear text; if you think you may be compromised, then check with CTRL+F.

Catalyst-Gaming (www.catalystgaming.net), a Northern Tasmanian LAN gaming community, has been hit by hackers who have dumped a load of user account details onto Pastebin.

We have just been alerted to an attack that is currently taking place on the Tel Aviv Stock Exchange and Israel Airline. The attack is part of the Saudi hacker 0xOmar's fight towards Israel, and he has joined forces with another hacker going by the handle of Nightmare.

Continuing on from Part 1 and Part 2, this is our third part of the huge dump of website accounts and logins by a hacker using the handle STK. So this is part 3, which consists of parts 7, 8, 9 from STK.

This is part two, which contains parts 4, 5, 6 from STK's website leaks; see first post for more information. This part contains 25 or so sites, minor information and links to leaks.

The attack comes from a hacker going by the handle of STK, and most of the account leaks do have encrypted passwords, but sadly some do have clear text. The websites that have been targeted are fairly random and range from America, New Zealand, Australia and other countries.

Internet Storm Center Infocon Status