Information Security News
PacketSled CEO to Present at AGC's 10th Annual West Coast InfoSec and ...
SYS-CON Media (press release)
SAN FRANCISCO, Feb. 24, 2014 /PRNewswire/ -- PacketSled, the leading innovator in real-time Security Intelligence and Analytics for advanced targeted attacks, will be presenting at America's Growth Capital (AGC) Tenth Annual West Coast InfoSec and ...
Skyera CEO Presents at AGC Partners' 10th Annual West Coast Information ...
FCKEditor (now known as CKEditor) is a popular full-featured GUI editor that many web sites use. For example, you frequently find it with blog systems like WordPress or as part of commenting/forum systems. As an additional feature, a filemanager can be added to allow users to upload images or other files. Sadly, while a very nice and functional plugin, this feature is frequently not well secured and can be used to upload malicious files. We have seen some scans probing specifically for this file manager plugin:
GET /editor/editor/filemanager/connectors/uploadtest.html HTTP/1.1
GET /editor/editor/filemanager/upload/test.html HTTP/1.1
GET /editor/editor/filemanager/browser/default/connectors/test.html HTTP/1.1
GET /editor/editor/filemanager/connectors/test.html HTTP/1.1
GET /admin/fckeditor/editor/filemanager/connectors/test.html HTTP/1.1
GET /FCKeditor/editor/filemanager/upload/test.html HTTP/1.1
GET /Fckeditor/editor/filemanager/browser/default/connectors/test.html HTTP/1.1
GET /admin/FCKeditor/editor/filemanager/connectors/uploadtest.html HTTP/1.1
GET /admin/FCKeditor/editor/filemanager/upload/test.html HTTP/1.1
GET /Fckeditor/editor/filemanager/connectors/test.html HTTP/1.1
GET /admin/fckeditor/editor/filemanager/browser/default/connectors/test.html HTTP/1.1
GET /FCKeditor/editor/filemanager/connectors/uploadtest.html HTTP/1.1
I am still looking for any samples of files these scripts attempt to upload. If you got any, please let us know.
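To check your own web server logs for the scan described above, the following added example (not part of the original diary entry) flags clients that request several of the file manager test pages and notes which requests were answered with 200, meaning the plugin is reachable. The log format (Apache common/combined), the threshold of three distinct paths, and the sample log lines are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# The file manager test pages from the probe list above, under any prefix.
# Matching is done on the lowercased path, since the scans try FCKeditor,
# Fckeditor and fckeditor.
PROBE_RE = re.compile(
    r"/editor/filemanager/(?:browser/default/)?(?:connectors|upload)/"
    r"(?:upload)?test\.html$", re.IGNORECASE)

# Common/combined log format: client, request target, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')

def find_probers(lines, min_distinct=3):
    """Map client IP -> probe paths tried and those answered with 200.

    Only clients that requested at least min_distinct different test
    pages are reported (the threshold is an assumption, tune it).
    """
    tried, exposed = defaultdict(set), defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access log line
        ip, target, status = m.groups()
        # Drop the query string, decode %-escapes, normalise case.
        path = unquote(urlsplit(target).path).lower()
        if PROBE_RE.search(path):
            tried[ip].add(path)
            if status == "200":  # page exists: the plugin is reachable
                exposed[ip].add(path)
    return {ip: {"paths": sorted(p), "exposed": sorted(exposed[ip])}
            for ip, p in tried.items() if len(p) >= min_distinct}

# Constructed sample log lines (documentation-range addresses).
SAMPLE_LOG = """\
192.0.2.10 - - [17/Mar/2014:10:00:01 +0000] "GET /editor/editor/filemanager/connectors/uploadtest.html HTTP/1.1" 404 209
192.0.2.10 - - [17/Mar/2014:10:00:01 +0000] "GET /FCKeditor/editor/filemanager/upload/test.html HTTP/1.1" 404 209
192.0.2.10 - - [17/Mar/2014:10:00:02 +0000] "GET /admin/fckeditor/editor/filemanager/connectors/test.html?x=1 HTTP/1.1" 200 5120
198.51.100.7 - - [17/Mar/2014:10:05:00 +0000] "GET /blog/editor/test.html HTTP/1.1" 200 812
198.51.100.7 - - [17/Mar/2014:10:05:03 +0000] "GET /Fckeditor/editor/filemanager/connectors/test.html HTTP/1.1" 404 209
""".splitlines()

if __name__ == "__main__":
    for ip, info in find_probers(SAMPLE_LOG).items():
        print(ip, len(info["paths"]), "probe paths; exposed:", info["exposed"])
```

Any path reported as exposed is worth reviewing first: it means the test page, and likely the upload connector behind it, is deployed on that site.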
The Apache folks have released version 2.4.9 of their ubiquitous web server. This one fixes a couple of security vulnerabilities along with some other bug fixes, one in mod_log_config having to do with issues with truncated cookies and one in mod_dav that was a potential denial of service. Expect most of the Linux distros to apply the appropriate fixes shortly, but if you are building from source or running on a platform that won't push the updates to you, go grab the update.
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu
by Sean Gallagher
For about a half hour on Saturday, some requests to one of Google’s DNS servers in the US were re-routed through a network in Venezuela. A false Border Gateway Protocol (BGP) announcement from the Venezuelan network caused the diversion, which affected networks primarily in Venezuela and Brazil, as well as a university network in Florida. It all started at 5:23pm Greenwich Time (UTC).
Andree Toonk of the network monitoring service BGPmon.net told Ars that the false routing request was dropped 23 minutes later, “most likely because the network that announced this route realized what happened and rolled back the change (to their router) that caused this.” During the intervening period, he said, traffic may have been re-routed back to Google, or it just may have been dropped. The result was failed DNS requests for those on the affected networks.
Network rerouting through bogus BGP “announcements”—advertisements sent between routers that are supposed to provide information on the quickest route over the Internet to a specific IP address, such as the Google DNS service’s 220.127.116.11—have become increasingly common as a tool for Internet censorship. They're used to stage “man-in-the-middle” attacks on Web users and to passively monitor traffic to certain domains.
Investigators have identified more victims of a botnet that collects payment card data and other sensitive information by preying on websites running poorly secured installations of Adobe's ColdFusion Web server platform.
Car manufacturer Citroën and e-commerce sites Elightbulbs.com and Kicherlightinglights.com were named in two media reports published Monday, one by The Guardian and the other by KrebsOnSecurity. The reports highlight the harm that can continue to occur as a result of vulnerabilities even months after they're patched by Adobe and other developers. A separate article by reporter Brian Krebs published last week revealed jam and jelly maker Smuckers and credit card processor SecurePay were also hit by similar attacks. Krebs said several unidentified sites were affected as well.
The reports come five months after federal prosecutors charged a 28-year-old UK man with hacking thousands of computer systems, many of them belonging to the US government. The man stole massive quantities of data that resulted in millions of dollars in damages to victims, and many of those breaches were the result of hacks that exploited ColdFusion. Similar attacks were reported 11 months ago, including one that hijacked a server hosting provider and exposed sensitive customer data. Complicating matters was the October discovery of a server hosting ColdFusion source code. The server was operated by criminals who obtained the code after breaching Adobe's corporate network, Krebs reported at the time.
Posted by InfoSec News on Mar 17 http://dailycaller.com/2014/03/15/ex-bush-admin-official-internet-giveaway-weakens-cybersecurity-opens-door-to-web-tax/
Posted by InfoSec News on Mar 17 http://www.thenews.com.pk/Todays-News-3-238069-KSE-to-hire-information-security-expert
Posted by InfoSec News on Mar 17 http://www.washingtonpost.com/politics/gone-phishing-army-uses-thrift-savings-plan-in-fake-email-to-test-cybersecurity-awareness/2014/03/13/8ad01b84-a9f3-11e3-b61e-8051b8b52d06_story.html