Hackin9
APPLE-SA-2016-05-16-6 iTunes 12.4
 
APPLE-SA-2016-05-16-5 Safari 9.1.1
 
APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update 2016-003
 
APPLE-SA-2016-05-16-3 watchOS 2.2.1
 
APPLE-SA-2016-05-16-2 iOS 9.3.2
 
APPLE-SA-2016-05-16-1 tvOS 9.2.1
 
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

FCW.com

DHS gets past phishing but leaves docs exposed
The IG contracted with KPMG in late 2015 to conduct an information security test on the agency's Office of Financial Management (OFM) and Office of the CIO. The audit took stock of nontechnical areas related to the protection of sensitive IT and ...

 

Softpedia News

Paranoid Furtim Malware Checks for 400 Security Products Before Execution
A security researcher that goes online only by the nickname of FireFOX (@hFireF0X) has discovered and analyzed a unique malware family that pays a lot of attention to remaining undetected, and not to having great features or efficient data exfiltration ...

 

CSN announces the filing of its 20-F
SYS-CON Media (press release)
The report is available on the SEC's website, at http://www.sec.gov, and on CSN's website, at http://www.csn.com.br/ir (Financial Info / SEC Filings). Security holders have the ability to receive a hard copy of the Company's annual report on Form 20-F ...

 
[SECURITY] [DSA 3580-1] imagemagick security update
 
[ERPSCAN-16-009] SAP xMII - directory traversal vulnerability
 
[ERPSCAN-16-008] SAP NetWeaver AS JAVA - XSS vulnerability in ProxyServer servlet
 

Most of us know what a Nigerian 419 Scam is and no doubt have received numerous emails from Nigerian Princes and others with large sums of money to give us. But one of our readers sent along a variant of this that I had not seen in many years. This is what one of the ISC Handlers referred to in a diary post from 9 years ago as the 419 Death Scam.

Below is the typical text of the email:

----------------

From:Serial Killer
Sent:Fri 5/13/16 6:29 AM
To: XXXXX XXXXXXX

Its sad to inform you that this is how your life is going to end as soon as you do not comply. As you can see we are the members of the Deadly Networks in the world, which is responsible for the bombing of twin towers in America on Sept 11th and the bombing of London transport services on July 7th (AL-QAEDA NETWORKS WORLDWIDE).

I do not have any business with you. I have been appointed to KILL you and I have to do it as I have already been paid for that. Someone who you called your friend wants you dead by all means, and this person have spent a lot of money in this venture. This person came to us and told us that they want you dead and they provided us with your name, pictures and other necessary information we need about you.

I have ordered my men to track you down , these includes bugging of your phones with satellite tracking devices and they have carried out every necessary investigation needed for the operation. If you doubt this, am going to give you all the information about you given to us in your next reply so that you can believe me, and my boys are really on you. I have instructed them not to kill you for now, that I will like to contact you and see if your life and that of your family is important to you. I notice that you are not guilty of the offence you are accused of, but am still contemplating on consideration. I called my client back and ask for your email address which I did not tell him what I want to do with it. As I am writing you this email my men are monitoring your movement.

Now do you want to LIVE OR DIE? Since all program has been made to kill you. Get back to me now if you are ready to negotiate with us to spare your life or not. We have been paid the sum of $5,000 (Five thousand USD) to carry out this operation and it is going to be swift. Failure to comply to this email, count yourself as good as dead

WARNING: DO NOT CONTACT THE POLICE OR ANYONE ABOUT THIS BECAUSE MY SPIES ARE EVERY WHERE. REMEMBER SOMEONE WHO KNOWS YOU VERY WELL WANT YOU DEAD! I WILL EXTEND THE EXECUTION TO YOUR FAMILY IF I NOTICE YOU TELLING THE SECURITY AGENTS. DO NOT COME OUT ONCE IT IS 8PM UNTIL YOU ARE READY TO NEGOTIATE WITH US. WE HAVE THE TAPE OF ALL THE DISCUSSION WITH THE PERSON WHO WANT YOU DEAD. YOU CAN USE IT TO TAKE ANY LEGAL ACTION ONCE WE REACH AN AGREEMENT.

GOOD LUCK AS I AWAIT YOUR REPLY.

-----------

I am trying to get a hold of the original headers to do more investigation, but I have informed the ISP that owns the return email address. I do find myself wondering what segment of the population would fall for this?

The best possible advice:
These guys will just spam you if you do not respond, once you respond they've spotted somebody who might fall for the scam and they
This is the classic
don't be the easiest target.
This is becoming known as a 419 death threat

How to report:
contact the abuse contact of the reply mailbox.
report it as an attempted scam with the appropriate authorities for the part of the world you live in.

In the USA, from the FBI: If you have experienced this situation, please notify your local, state, or federal law enforcement agency immediately. Also, please notify the IC3 by filing a complaint at www.ic3.gov. In Canada they can be reported to the Canadian Anti-Fraud Centre.

-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)


 


A heart patient undergoing a medical procedure earlier this year was put at risk when misconfigured antivirus software caused a crucial lab device to hang and require a reboot before doctors could continue.

The incident, described in an alert issued by the Food and Drug Administration, highlights the darker side of using computers and computer networks in mission-critical environments. While a computer crash is little more than an annoyance for most people at home or in offices, it can have far more serious consequences in hospitals, power generation facilities, or other industrial settings.

The computer system at issue in the FDA alert is known under the brand name Merge Hemo and is sold by Hartland, Wisconsin-based Merge Healthcare. It comprises a patient data module and a monitor PC that are connected by a serial cable. It's used to provide doctors with real-time diagnostic information from a patient undergoing a procedure known as a cardiac catheterization, in which doctors insert a tube into a blood vessel to see how well the patient's heart is working.


 

Some of the code behind the new Mr. Robot website. (credit: NBC Universal)

The USA Network show Mr. Robot has drawn a good deal of praise for its accurate (relative to other TV shows) portrayal of hacking and computer security. So, naturally, the site for the show has drawn a slightly different sort of adoring fan—"white hat" hackers looking for security holes.

On May 10, USA Network launched a new site for Mr. Robot promoting the July debut of the series' second season—a JavaScript-powered page that uses text input and mimics a Linux shell (complete with a GRUB bootup message). On the same day, as Forbes' Thomas Fox-Brewster reported, a hacker operating under the name Zemnmez reported a cross-site scripting (XSS) vulnerability in the Mr. Robot site that could have been used to trick the site's visitors into giving up their Facebook profile data. Zemnmez sent an e-mail about the vulnerability to Mr. Robot writer Sam Esmail; within a few hours, according to NBC Universal (USA Network's corporate parent), the vulnerability was removed.

News of the vulnerability apparently piqued the interest of other hackers in the show's fanbase. On May 13, another "white hat" hacker who calls himself corenumb poked around the site's e-mail registration code and found that the PHP code behind it was vulnerable to a type of attack called blind SQL injection—an attack that embeds SQL commands into text sent to a website, bypassing error messages that would normally block those attacks. The vulnerability would have allowed a malicious attacker to execute SQL commands against the database used for the show's e-mail list. Corenumb was able to retrieve information about the backend database and the server it runs on using SQLmap, an open source penetration testing toolkit used specifically for checking for SQL injection vulnerabilities.


 
[SECURITY] [DSA 3577-1] jansson security update
 
[SECURITY] [DSA 3578-1] libidn security update
 
[SECURITY] [DSA 3579-1] xerces-c security update
 
eXtplorer v2.1.9 Archive Path Traversal
 
dns_dhcp Web Interface SQL Injection
 
Internet Storm Center Infocon Status