Hackin9

A UK man accused of breaking into computer systems operated by the US government has been rearrested on a recently filed extradition request, it has been widely reported.

Lauri Love, now 30, was arrested in October 2013 on charges he and associates hacked into networks operated by the US Army, the US Missile Defense Agency, NASA, the Environmental Protection Agency, and other US government agencies. The objective behind the hacking spree, US prosecutors said at the time, was to disrupt the operations and infrastructure of the US government by stealing large amounts of military data and personally identifying information of government employees and military personnel. "You have no idea how much we can fuck with the US government if we wanted to," Love allegedly told a hacking colleague at one point.

Following the 2013 arrest, Love was released on bail. Earlier this week, he was rearrested on an extradition warrant on behalf of the US, The Guardian and other news organizations reported. Love's attorney told reporters her client planned to fight the proceedings.


 

A string of weaponized attacks targeting Adobe's Flash media player—including three in the past 10 days—has kept software engineers scrambling to fix the underlying vulnerabilities that make the exploits so dangerous. Fortunately, they have also been busy making structural changes to the way the program interacts with computer operating systems to significantly reduce the damage that can result not only from those specific attacks but entire classes of similar ones.

At the moment, the defenses are fully implemented only in the Flash version included in Google Chrome, having made their debut earlier this week. One of the two mitigations is available in other versions of Flash, and the remaining one is expected to be added to other browsers in August. Had they been widely available earlier, they likely would have blunted the effects of at least some of the three most recent zero-day vulnerabilities, which were leaked following the thorough hack of Hacking Team, the malware-as-a-service provider that catered to governments around the world. To block entire classes of new exploits, Adobe engineers, with the help of their counterparts at Google's Project Zero team, have made two key changes, which were documented in a blog post published Thursday.

The first, which is currently available only in Chrome, is a new partition added to the heap, the large pool of memory from which a program carves out its runtime data. The partition isolates different types of memory contents, typically known as objects, from each other, so that a memory-corruption bug in one type of object (for example, an overflow of a byte buffer) can no longer be used to overwrite or hijack an object of another type that happens to sit next to it. Heap partitioning has long been a mainstay in Chrome and other browsers. Now it's a key defense in Flash.
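To make the mitigation concrete, the following C simulation is an added example by the editor; it is not Adobe's or Chrome's allocator code, and the arena size, the object header layout (`obj_hdr_t`), the helper names (`arena_alloc`, `buggy_write`, `header_survives_overflow`) and the overflow sizes are all made up for illustration. It allocates a byte buffer and a length-bearing object header either from one shared arena or from two separate arenas, then performs the same out-of-bounds write in both cases and reports whether the header survived.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One bump-pointer arena (hypothetical). A real allocator is far more
 * complex; the only property modelled here is that all allocations from
 * one arena are contiguous inside one backing array. */
typedef struct {
    _Alignas(16) unsigned char mem[1024];
    size_t used;
} arena_t;

static void *arena_alloc(arena_t *a, size_t n)
{
    n = (n + 15) & ~(size_t)15;            /* 16-byte alignment, like a real heap */
    if (a->used + n > sizeof a->mem)
        return NULL;
    void *p = a->mem + a->used;
    a->used += n;
    return p;
}

/* Stand-in for an engine object whose header an exploit wants to corrupt:
 * a length field that bounds later reads and writes. Layout is assumed. */
typedef struct {
    uint32_t length;
    uint32_t capacity;
} obj_hdr_t;

/* The bug: a write of `n` bytes into a buffer that is only 32 bytes long.
 * The write stays inside the arena's backing array, so this is well-defined
 * C; what it clobbers depends only on what the allocator placed after it. */
static void buggy_write(unsigned char *buf, size_t n)
{
    memset(buf, 0xff, n);
}

/* Allocates a byte buffer and an object header, then triggers the overflow.
 * partitioned == 0: both come from one arena, so they are adjacent.
 * partitioned == 1: buffers and objects live in separate arenas.
 * Returns 1 if the header survived intact, 0 if it was corrupted. */
int header_survives_overflow(int partitioned)
{
    arena_t shared = {0}, buffers = {0}, objects = {0};
    arena_t *buf_arena = partitioned ? &buffers : &shared;
    arena_t *obj_arena = partitioned ? &objects : &shared;

    unsigned char *buf = arena_alloc(buf_arena, 32);
    unsigned char *hdr_mem = arena_alloc(obj_arena, sizeof(obj_hdr_t));

    /* Store and later reload the header with memcpy to stay aliasing-safe. */
    obj_hdr_t before = { 16, 16 }, after;
    memcpy(hdr_mem, &before, sizeof before);

    buggy_write(buf, 48);                  /* 16 bytes past the 32-byte buffer */

    memcpy(&after, hdr_mem, sizeof after);
    return after.length == 16 && after.capacity == 16;
}

int main(void)
{
    printf("single heap:      header %s\n",
           header_survives_overflow(0) ? "intact" : "CORRUPTED");
    printf("partitioned heap: header %s\n",
           header_survives_overflow(1) ? "intact" : "CORRUPTED");
    return 0;
}
```

With one shared arena the 48-byte write runs straight into the header placed after the buffer and the length field becomes 0xffffffff, which is exactly the primitive an exploit needs to read and write the rest of memory. With the buffer and the object in separate arenas the same bug still scribbles past the buffer, but only over other buffers in its own partition, so the header is untouched. The bug is not fixed; the damage it can do is bounded, which is the point of the mitigation.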


 

Newly released e-mails from Hacking Team, the now-embattled Italian spyware firm that sold what it claims is lawful intercept software to companies and governments, definitively show that it sold its Remote Control System surveillance software to the Federal Security Service of the Russian Federation (FSB), the successor agency to the KGB.

Officially, Hacking Team sold its wares to a company called "Advanced Monitoring," whose corporate parent has a license to work with the FSB, as recently as August 28, 2014. That would put the Italian firm in violation of the July 31, 2014 European Union regulation that forbids selling such technology, whether directly or indirectly, to the Russian military.

It also seems odd that Hacking Team would sell on one side of the Atlantic to Western agencies like the US Army while also selling to the FSB. In its most recent human rights report, the United States Department of State refers to Russia as a "highly centralized, increasingly authoritarian political system."


 
LinuxSecurity.com: Updated java-1.7.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security [More...]
 
LinuxSecurity.com: Updated java-1.6.0-sun packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security [More...]
 
LinuxSecurity.com: Updated java-1.8.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security [More...]
 
LinuxSecurity.com: An updated Adobe Flash Player package that fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security [More...]
 
LinuxSecurity.com: - Fix for CVE-2015-2141
 
LinuxSecurity.com: ## 7.x-2.0-alpha9
**This is a security release. People running 7.x-2.0-alpha8 or below should update. This release only contains security fixes, no additional bug fixes or features.**
Changes since 7.x-2.0-alpha8:
* Issue #2495145 by twistor, cashwilliams, greggles, klausi: Possible XSS in PuSHSubscriber.inc
* Issue #2502419 by klausi: Log messages XSS attack vector
* Issue #1848498 by twistor: Respect allowed file extensions in file mapper
 
LinuxSecurity.com: Security fix for CVE-2015-3192
 
LinuxSecurity.com: Besides other changes, this update mitigates this vulnerability: https://access.redhat.com/security/cve/CVE-2015-3243
 
LinuxSecurity.com: Firefox could be made to crash or run programs as your login if it opened a malicious website.
 
Microsoft Internet Explorer CVE-2015-2412 Information Disclosure Vulnerability
 
Adobe Reader and Acrobat JavaScript API Execution Multiple Security Bypass Vulnerabilities
 
Oracle E-Business Suite Servlet URL Redirection Vulnerability
 

About a year ago, Rob had a diary entry about checking a file from Process Explorer with VirusTotal.

Did you know you can have all EXEs of running processes scanned with VirusTotal?

In Process Explorer, add column VirusTotal:

Enable VirusTotal checks:

And accept the VirusTotal terms:

(update: as you can see, by default Process Explorer only submits hashes to VirusTotal, not files, unless you explicitly instruct it to submit a file).

And now you can see the VirusTotal scores:

Process Explorer is not the only Sysinternals tool that comes with VirusTotal support. I'll showcase more tools in upcoming diary entries.

Sysinternals: http://technet.microsoft.com/en-us/sysinternals

VirusTotal: https://www.virustotal.com/

Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
PHP CVE-2015-4642 OS Command Injection Vulnerability
 
Novell GroupWise 2014 WebAccess vulnerable to XSS attacks
 