Hackin9
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Software-defined networking in universities today is like the early Internet decades ago, and big-data researchers in genomics and other fields already need it for their next set of discoveries, according to the head of Internet2.
 
Oracle Java SE CVE-2013-2384 Remote Java Runtime Environment Vulnerability
 
Oracle Java SE CVE-2013-2417 Remote Java Runtime Environment Vulnerability
 
Oracle Java SE CVE-2013-2430 Remote Java Runtime Environment Vulnerability
 
Oracle Java SE CVE-2013-2422 Remote Java Runtime Environment Vulnerability
 
Oracle Java SE CVE-2013-1537 Remote Code Execution Vulnerability
 
Oracle Java SE CVE-2013-2436 Remote Java Runtime Environment Vulnerability
 
In a ceremony on April 15, 2013, 11 major companies formally established partnerships with the National Cybersecurity Center of Excellence (NCCoE). The center is a public-private partnership hosted by the National Institute of Standards ...
 
Intel has purchased Mashery, a provider of API management tools, in the chip maker's latest move to expand into software and services.
 
Intel's outgoing CEO took a few parting shots at Microsoft's Windows 8 Tuesday as he explained a slump in both revenue and profits for the first quarter.
 
Americans are so fixated on social networks that they spend an average of 16 minutes out of every hour on them, according to a study by Experian Marketing Services.
 
Consumers often fail to perform transactions online due to authentication failure. But while they struggle, they also distrust websites with weak authentication procedures.
 
Users on Twitter are now more likely to see ads based on what they tweet about.
 
More than 25 years after Apple introduced "Knowledge Navigator" as a concept that envisioned the future of computers, Intel has reintroduced the concept as the future of smartphones.
 
Following similar initiatives by Apple, Google and Facebook, Microsoft is enabling two-factor authentication for its Microsoft Account service, the log-on service for many of its online and desktop products.
 
A suspect in the Boston Marathon bombing on Monday has reportedly been identified, according to numerous news agencies, although there were conflicting reports about whether anyone had been arrested.
 
Apache And Microsoft IIS Range Denial of Service Vulnerability
 
Re: [SE-2012-01] Details of issues fixed by Java SE 7 Update 21
 

Tabernus to Give Away iPad at InfoSec Europe 2013
Press Release Centre (press release)
Tabernus to Give Away iPad at InfoSec Europe 2013. 2013-04-17; By Marketers Media; Posted in Business. Tabernus, an International data erasure software developer, is giving away the brand new 16 GB Apple iPad with retina display, worth £399.00 to one ...

 
The video of the April 3, 2013, Cybersecurity Framework Workshop convened by the National Institute for Standards and Technology (NIST) is now available for streaming on demand. This meeting, held at the Department of Commerce in ...
 
The sixth annual "Safeguarding Health Information: Building Assurance through HIPAA Security" conference will meet on May 21 and 22, 2013, at the Ronald Reagan Building and International Trade Center in Washington, D.C. The meeting ...
 
The National Institute of Standards and Technology (NIST) is hosting a symposium on how to develop and evaluate "ontologies" - formal, computer-readable definitions of terms and their interrelationships - at its Gaithersburg, ...
 
R. Balakrishnan (Balki)
 
Google is moving to keep up with its mobile users, updating search on devices this week.
 
A suspect in the Boston Marathon bombing on Monday has reportedly been arrested, according to numerous news agencies, although there were conflicting reports about the status of the investigation.
 
After the events of the last few days, I thought everybody could use a smile. And this definitely brought one to my face.
 
Social media startups aren't typically as well-funded as cloud or mobile startups, but they can have just as much impact and potential in how a business functions and succeeds. After evaluating more than 40 social media startups and then turning to crowdsourcing for input, here are the 10 hot social media startups to watch.
 
There is absolutely no way that Apple will surrender its iPhone interface to Facebook Home, analysts said today.
 

Microsoft today announced that it is rolling out optional two-factor authentication to the 700 million or so Microsoft Account users, confirming last week's rumors. The scheme will become available to all users "in the next few days."

It works essentially identically to existing schemes already available for Google accounts. Two-factor authentication augments a password with a one-time code that's delivered either by text message or generated in an authentication app.

Computers that you trust will be allowed to skip the two factors and just use a password, and application-specific passwords can be generated for interoperating with software that doesn't support two-factor authentication.


 
Former hacker Peiter "Mudge" Zatko has quit Defense Advanced Research Project Agency (DARPA) to work for Google subsidiary Motorola Mobility
    


 
Gartner forecasts that security services in the cloud will soon account for 10% of the enterprise IT security market, largely driven by compliance.

 
SI6 Networks' IPv6 Toolkit v1.3.4 released!
 
Multiple Vulnerabilities in KrisonAV CMS
 
Open-Xchange Security Advisory 2013-04-17
 
If software-defined networking ultimately changes the landscape of networking, Intel could be one of the biggest beneficiaries -- and might be one of the reasons.
 
The volume, duration and frequency of distributed denial-of-service (DDOS) attacks used to flood websites and other systems with junk traffic have significantly increased during the first three months of this year, according to a report released Wednesday by Florida-based DDOS mitigation provider Prolexic.
 
The lack of updates for many carrier-customised Android phones has long been a thorn in the side of users, leaving them exposed to known vulnerabilities. Now the ACLU is asking the Federal Trade Commission to do something about it
    


 
[ESNC-2013-001] Privilege Escalation in SAP Healthcare Industry Solution
 
[ESNC-2013-003] Remote OS Command Execution in SAP BASIS Communication Services
 
[SE-2012-01] Details of issues fixed by Java SE 7 Update 21
 
Linux Kernel CVE-2012-6547 Local Information Disclosure Vulnerability
 

About mid-afternoon yesterday (Central time - US), Boston-related spam campaigns have begun. The general "hook" is that it sends a URL with a subject about the video from the explosions. Similar to when Osama Bin Laden was killed and fake images were used as a hook, in this case, the video is relevant to the story and being used as a hook. Right now, very roughly 10-20% of all spam is related to this (some spamtraps reporting more, some less). Similar IPs have also been sending pump & dump scams so likely the same group has re-tasked itself.

Here is a list of subjects I've seen hit spam traps:

Subject: 2 Explosions at Boston Marathon
Subject: Aftermath to explosion at Boston Marathon
Subject: Arbitron. Dial Global. Boston Bombings
Subject: Boston Explosion Caught on Video
Subject: BREAKING - Boston Marathon Explosion
Subject: Explosion at Boston Marathon
Subject: Explosion at the Boston Marathon
Subject: Explosions at Boston Marathon
Subject: Explosions at the Boston Marathon
Subject: Opinion: Boston Marathon Explosions made by radical Gays? Really? - CNN.com
Subject: Opinion: Boston Marathon Explosions - Romney Benefits? - CNN.com
Subject: Opinion: Boston Marathon Worse Sensation - Osama bin Laden still alive!? - CNN.com
Subject: Opinion: FBI knew about bombs 3 days before Boston Marathon - Why and Who Benefits? - CNN.com
Subject: Opinion: Osama Bin Laden video about Boston Marathon Explosions - bad news for all the world. - CNN.com
Subject:[SPAM] 2 Explosions at Boston Marathon
Subject:[SPAM] Boston Explosion Caught on Video
Subject:[SPAM] Explosions at the Boston Marathon
Subject:[SPAM] Video of Explosion at the Boston Marathon 2013
Subject: Stiri:EXPLOZIILE de la maratonul din Boston/Spaga este negociata la granita Romaniei/A inventat bautura care INLOCUIESTE MANCAREA/TUNELUL cu mecanisme de NEINTELES al lui STALIN/70 % din infrastructura RCS-RDS este amplasata ILEGAL/BOMBA ANULUI IN SHOWBIZ
Subject: Video of Explosion at the Boston Marathon 2013

Here is a list of malicious URLs in those messages (use at your own risk):

 
Some of these are already down, but basically plain pages with a handful of embedded YouTube videos that are relevant.  Early versions would redirect to fetch a file: boston___________AVI.exe and on down the rabbit hole it goes.  It was pretty loud so most AV should have sigs already.
 
H/T to Nick Tabick and Corbin Souffrant, two of my students at the University of Illinois who helped dig into this last night.
 
UPDATE: Trend Micro has a write up too: http://blog.trendmicro.com/trendlabs-security-intelligence/kelihos-worm-emerges-takes-advantage-of-boston-marathon-blast/

--
John Bambenek
bambenek \at\ gmail /dot/ com
Bambenek Consulting

 
The attempt by law enforcement authorities in Boston to use crowdsourced video images and still photos to identify those responsible for the fatal bombings in the city earlier this week could prove challenging, but it's not unprecedented.
 
Google Apps, including Gmail and Google Documents, suffered a disruption this morning.
 
Linux Kernel CVE-2012-6537 Multiple Local Information Disclosure Vulnerabilities
 
Linux Kernel CVE-2012-6542 Local Information Disclosure Vulnerability
 
Linux Kernel CVE-2012-6546 Multiple Local Information Disclosure Vulnerabilities
 
The number of targeted attacks almost doubled in 2012 compared to the prior year.
 
Samsung announced today that its next-generation Galaxy S4 smartphone will be available by the end of April on seven major U.S. carriers, as well as seven retailers.
 
Apple on Tuesday patched Java for the aged OS X Snow Leopard and tweaked Safari to give users more control over what websites they let run the vulnerability-plagued Oracle software.
 
Linux Kernel Multiple Local Information Disclosure Vulnerabilities
 
ZAPms 'pid' Parameter SQL Injection Vulnerability
 
Surprisingly beefy, browser-based JSFiddle, Icenium, Cloud9 and Codenvy stretch from client-side JavaScript to server-side Java and Web stacks
 
A Twitter chat is an awesome way to engage an audience, increase your brand's social visibility, and connect with an audience in a new way.
 
Linux Kernel CVE-2013-0313 NULL Pointer Dereference Denial of Service Vulnerability
 

Consolidation: a new infosec imperative
ITWeb
Fragmented information security systems can lead to weak spots, say experts. Consolidation of tools and streamlining of information management is needed now for proactive IT security. Information security management needs a holistic approach, says ...

 
Apple has furnished its web browser with a new security feature that allows Java applet loading permissions to be granted on a web-site-specific basis. The company has also released another Java 6 update
    


 
The White House has threatened to veto the controversial Cyber Intelligence Sharing and Protection Act (CISPA) in its present form, citing concerns that the bill does not adequately prevent sharing of irrelevant personal information.
 
Microsoft has signed up another major electronics manufacturer to its Android and Chrome patent licensing program, this time Taiwan's Foxconn, which will pay royalties to the U.S. software giant.
 
Three Google executives are heading back to court in Italy, where the prosecutor has appealed their acquittal on charges of allowing a video to be posted in breach of Italy's privacy laws, one of the Google execs involved said on Wednesday.
 
Smartphones with custom versions of Android offered by large mobile operators in the U.S. are not getting security updates as regularly as phones from Google, or smartphones from other vendors like Microsoft, according to a complaint by the American Civil Liberties Union to the Federal Trade Commission.
 
The new Java update fixes 42 security holes; the update also introduces a more restrictive approach for executing Java applets in the Java Control Panel and encourages the use of signed applets
    


 
ENISA will support the EU and its member states in terms of network security and help with the analysis of security problems for another seven years
    


 
MediaWiki Multiple Remote Vulnerabilities
 
With hard data in short supply, the true value of bring-your-own-device policies is in the eye of the beholder. Insider (registration required)
 
Microsoft may recant its Windows 8 design theology, bloggers reported Tuesday, by offering Windows 8 users an option to bypass the "Modern" UI and by restoring the Start button and menu to the beleaguered operating system.
 
HAProxy 'tcp-request content' CVE-2013-1912 Buffer Overflow Vulnerability
 
cURL/libcURL 'tailmatch()' Function Information Disclosure Vulnerability
 

Coordinated attacks used to knock websites offline grew meaner and more powerful in the past three months, with an eight-fold increase in the average amount of junk traffic used to take sites down, according to a company that helps customers weather the so-called distributed denial-of-service campaigns.

The average amount of bandwidth used in DDoS attacks mushroomed to an astounding 48.25 gigabits per second in the first quarter, with peaks as high as 130 Gbps, according to Hollywood, Florida-based Prolexic. During the same period last year, bandwidth in the average attack was 6.1 Gbps and in the fourth quarter of last year it was 5.9 Gbps. The average duration of attacks also grew to 34.5 hours, compared with 28.5 hours last year and 32.2 hours during the fourth quarter of 2012. Earlier this month, Prolexic engineers saw an attack that exceeded 160 Gbps, and officials said they wouldn't be surprised if peaks break the 200 Gbps threshold by the end of June.

The spikes are brought on by new attack techniques that Ars first chronicled in October. Rather than using compromised PCs in homes and small offices to flood websites with torrents of traffic, attackers are relying on Web servers, which often have orders of magnitude more bandwidth at their disposal. As Ars reported last week, an ongoing attack on servers running the WordPress blogging application is actively seeking new recruits that can also be harnessed to form never-before-seen botnets to bring still more firepower.


 
Oracle Java SE CVE-2013-1558 Remote Java Runtime Environment Vulnerability
 
Oracle Java SE CVE-2013-1537 Remote Java Runtime Environment Vulnerability
 


Training up the infosec troops
SC Magazine UK
The UK has a desperate need for more infosec professionals, according to the National Audit Office (NAO). In its February 2013 landscape review of the UK's cyber security, which assessed the UK government's progress in implementing its cyber security ...

 

UPDATE: All seems to be well and the interruption was brief. You can check status @ http://www.apple.com/support/systemstatus/

We are getting reports of an Apple services outage and/or difficulty connecting to iTunes services. If you are seeing this please report it?

 

Richard Porter

--- ISC Handler on Duty

 
IBM WebSphere Application Server CVE-2013-0458 Cross Site Scripting Vulnerability
 
IBM WebSphere Application Server CVE-2013-0459 Cross Site Scripting Vulnerability
 
IBM WebSphere Application Server CVE-2013-0462 Security Bypass Vulnerability
 
IBM WebSphere Application Server CVE-2013-0461 Cross Site Scripting Vulnerability
 
Internet Storm Center Infocon Status