PacketSled CEO to Present at AGC's 10th Annual West Coast InfoSec and ...
SYS-CON Media (press release)
SAN FRANCISCO, Feb. 24, 2014 /PRNewswire/ -- PacketSled, the leading innovator in real-time Security Intelligence and Analytics for advanced targeted attacks, will be presenting at America's Growth Capital (AGC) Tenth Annual West Coast InfoSec and ...
Skyera CEO Presents at AGC Partners' 10th Annual West Coast Information ...Sacramento Bee

Sally Beauty Holdings confirmed Monday that it fell victim to a data breach, an incident that may have coincided with a project to update point-of-sale terminals at its U.S. stores, a recent regulatory filing shows.
Enterprises finally started opening their pocketbooks for external storage systems in the final quarter of last year, but economic uncertainty and the appeal of public cloud services continue to hold back the market, according to research company Gartner.
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

FCKEditor (now known as CKEditor [1]) is a popular full-featured GUI editor that many web sites use. For example, you frequently find it with blog systems like WordPress or as part of commenting/forum systems. As an additional feature, a file manager can be added to allow users to upload images or other files. Sadly, while it is a very nice and functional plugin, this feature is frequently not well secured and can be used to upload malicious files. We have seen some scans probing specifically for this file manager plugin:

HEAD /js/fckeditor/editor/filemanager/connectors/test.html 
HEAD /admin/FCKeditor/editor/filemanager/connectors/test.html 
HEAD /admin/FCKeditor/editor/fckeditor.html
HEAD /include/fckeditor/_samples/default.html 
HEAD /include/fckeditor/editor/filemanager/connectors/test.html
These requests did not set a user agent or a referrer. The following set, however, did use "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1;" and sent GET requests instead of HEAD requests, indicating that distinct tools are looking for the same vulnerability:
GET /editor/editor/filemanager/connectors/uploadtest.html HTTP/1.1
GET /editor/editor/filemanager/upload/test.html HTTP/1.1
GET /editor/editor/filemanager/browser/default/connectors/test.html HTTP/1.1
GET /editor/editor/filemanager/connectors/test.html HTTP/1.1
GET /admin/fckeditor/editor/filemanager/connectors/test.html HTTP/1.1
GET /FCKeditor/editor/filemanager/upload/test.html HTTP/1.1
GET /Fckeditor/editor/filemanager/browser/default/connectors/test.html HTTP/1.1
GET /admin/FCKeditor/editor/filemanager/connectors/uploadtest.html HTTP/1.1
GET /admin/FCKeditor/editor/filemanager/upload/test.html HTTP/1.1
GET /Fckeditor/editor/filemanager/connectors/test.html HTTP/1.1
GET /admin/fckeditor/editor/filemanager/browser/default/connectors/test.html HTTP/1.1
GET /FCKeditor/editor/filemanager/connectors/uploadtest.html HTTP/1.1

I am still looking for any samples of files these scripts attempt to upload. If you got any, please let us know.

[1] http://ckeditor.com

Johannes B. Ullrich, Ph.D.
SANS Technology Institute
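
Added example, not part of the original diary: a small Python filter that finds these probes in a web server access log and groups them by client, method and user agent, so the HEAD tool with no user agent and the GET tool with the MSIE 7.0 string show up as separate scanners. The combined log format, the function name find_probes and the sample log lines are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Probe paths taken from the requests listed in the diary; matched case-insensitively
# because the scans vary the casing (fckeditor, FCKeditor, Fckeditor).
PROBE = re.compile(
    r"/editor/filemanager/(?:connectors|upload|browser/default/connectors)/(?:upload)?test\.html$"
    r"|/fckeditor/(?:editor/fckeditor\.html|_samples/default\.html)$",
    re.IGNORECASE,
)
# Apache/nginx "combined" log format (assumed; adjust to the local LogFormat).
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def find_probes(lines):
    """Group FCKeditor file manager probes by (client, method, user agent)."""
    groups = defaultdict(lambda: {"paths": [], "hits": []})
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not a combined-format line
        path = m["uri"].split("?", 1)[0]
        if not PROBE.search(path):
            continue
        ua = "" if m["ua"] == "-" else m["ua"]
        g = groups[(m["ip"], m["method"], ua)]
        g["paths"].append(path)
        # A 200 means the probed file exists on this server and needs follow-up.
        if m["status"] == "200":
            g["hits"].append(path)
    return dict(groups)

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [17/Mar/2014:10:00:01 +0000] "HEAD /js/fckeditor/editor/filemanager/connectors/test.html HTTP/1.1" 404 - "-" "-"',
    '192.0.2.10 - - [17/Mar/2014:10:00:02 +0000] "HEAD /admin/FCKeditor/editor/fckeditor.html HTTP/1.1" 200 - "-" "-"',
    '198.51.100.7 - - [17/Mar/2014:11:30:00 +0000] "GET /editor/editor/filemanager/connectors/uploadtest.html HTTP/1.1" 404 210 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1;"',
    '203.0.113.5 - - [17/Mar/2014:11:31:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for (ip, method, ua), g in find_probes(SAMPLE).items():
        print(ip, method, repr(ua), len(g["paths"]), "probes; found:", g["hits"])
```

Any path reported under "found" is a file manager or sample page that is actually reachable and should be removed or placed behind authentication.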

Rbovirt Ruby Gem Man in the Middle Vulnerability
389 Directory Server SASL/GSSAPI Authentication Security Bypass Vulnerability

The Apache folks have released version 2.4.9 of their ubiquitous web server. This one fixes a couple of security vulnerabilities along with some other bug fixes, one in mod_log_config having to do with issues with truncated cookies and one in mod_dav that was a potential denial of service. Expect most of the Linux distros to apply the appropriate fixes shortly, but if you are building from source or running on a platform that won't push the updates to you, go grab the update.





Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu

Dell has admitted that some of its XPS 12 convertible laptops have "burn-in" issues with the display and is offering to replace affected screens for free, even on systems that are out of warranty.
BGPMon's alert on the detection of the change to the route to Google's primary DNS server.

For about a half hour on Saturday, some requests to one of Google’s DNS servers in the US were re-routed through a network in Venezuela. A false Border Gateway Protocol (BGP) announcement from the Venezuelan network caused the diversion, which affected networks primarily in Venezuela and Brazil, as well as a university network in Florida. It all started at 5:23pm Greenwich Time (UTC).

Andree Toonk of the network monitoring service BGPmon.net told Ars that the false routing request was dropped 23 minutes later, “most likely because the network that announced this route realized what happened and rolled back the change (to their router) that caused this.” During the intervening period, he said, traffic may have been re-routed back to Google, or it just may have been dropped. The result was failed DNS requests for those on the affected networks.

Network rerouting through bogus BGP “announcements”—advertisements sent between routers that are supposed to provide information on the quickest route over the Internet to a specific IP address, such as the Google DNS service’s—have become increasingly common as a tool for Internet censorship. They're used to stage “man-in-the-middle” attacks on Web users and to passively monitor traffic to certain domains.


Samba 'smbcacls' Command Security Bypass Vulnerability
Augeas CVE-2013-6412 Insecure File Permissions Vulnerability
OATH Toolkit 'libpam-oath' Replay Security Bypass Vulnerability
[SECURITY] [DSA 2880-1] python2.7 security update
[ MDVSA-2014:064 ] udisks
[ MDVSA-2014:063 ] x2goserver
[ MDVSA-2014:062 ] webmin
With a new integrated development environment (IDE), Embarcadero Technologies is hoping to ease the burden of application developers who must prepare their creations for more than one operating system (OS).
Courts have generally tended to dismiss consumer class-action lawsuits filed against companies that suffer data breaches if victims can't show that the breach directly caused a financial hit.
A powerful group of retailers plans to roll out mobile payments in 2014 by scanning barcodes from smartphones, a move that sets up a potential battle with backers of NFC and Google Wallet.
Microsoft today began offering Mac users its OneNote application free of charge, making rumors last week about a release a reality.
Don't panic, Google's Talk and Hangouts services crashed this morning, but now appear to be returning for more and more users.

Investigators have identified more victims of a botnet that collects payment card data and other sensitive information by preying on websites running poorly secured installations of Adobe's ColdFusion Web server platform.

Car manufacturer Citroën and e-commerce sites Elightbulbs.com and Kicherlightinglights.com were named in two media reports published Monday, one by The Guardian and the other by KrebsOnSecurity. The reports highlight the harm that can continue to occur as a result of vulnerabilities even months after they're patched by Adobe and other developers. A separate article by reporter Brian Krebs published last week revealed jam and jelly maker Smuckers and credit card processor SecurePay were also hit by similar attacks. Krebs said several unidentified sites were affected as well.

The reports come five months after federal prosecutors charged a 28-year-old UK man with hacking thousands of computer systems, many of them belonging to the US government. The man stole massive quantities of data that resulted in millions of dollars in damages to victims, and many of those breaches were the result of hacks that exploited ColdFusion. Similar attacks were reported 11 months ago, including one that hijacked a server hosting provider and exposed sensitive customer data. Complicating matters was the October discovery of a server hosting ColdFusion source code. The server was operated by criminals who obtained the code after breaching Adobe's corporate network, Krebs reported at the time.


Siemens SIMATIC S7-1500 CVE-2014-2251 Insufficient Entropy Vulnerability
Siemens SIMATIC S7-1500 CVE-2014-2248 Arbitrary URI Redirection Vulnerability
Siemens SIMATIC S7-1500 CVE-2014-2257 Denial of Service Vulnerability
Siemens SIMATIC S7-1500 CVE-2014-2246 Unspecified Cross Site Scripting Vulnerability
Social media is ubiquitous in today's digital world, so you can bet your next star employee is out there sharing, liking and tweeting. Here's how to leverage social networking technology to effectively target and recruit IT candidates.
Microsoft is bringing LTE mobile broadband to its Surface 2 tablet with a new model that will start shipping on Tuesday for US$679.
LinuxSecurity.com: Multiple vulnerabilities were discovered and corrected in webmin: Multiple XSS, CSRF, and arbitrary code execution vulnerabilities that impact Webmin versions prior to 1.620 (CVE-2012-2981, CVE-2012-2982, CVE-2012-2983, CVE-2012-4893, SA51201).
LinuxSecurity.com: FreeType could be made to crash or run programs as your login if it opened a specially crafted font file.
LinuxSecurity.com: Librsvg could be made to expose sensitive information.
LinuxSecurity.com: This update provides a compatibility fix for GTK+.
LinuxSecurity.com: New php packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.
LinuxSecurity.com: Updated oath-toolkit packages fix security vulnerability: It was found that comments (lines starting with a hash) in /etc/users.oath could prevent one-time-passwords (OTP) from being invalidated, leaving the OTP vulnerable to replay attacks.
When a world that's characterized by ubiquitous data collection and surveillance can lose sight of a jumbo jet, you start to question the worth of all that spying on us.
An archive containing transaction records from Mt. Gox that was released on the Internet last week by the hackers who compromised the blog of Mt. Gox CEO Mark Karpeles also contains bitcoin-stealing malware for Windows and Mac.
One of the government opposition websites blocked last week by Russian officials recommended that users circumvent the access shut-off by running Opera Software's desktop browser.
GNUboard 'ajax.autosave.php' Multiple SQL Injection Vulnerabilities
Vodafone Group continues to strengthen its fixed network holdings by acquiring Spanish cable operator Ono for $10.1 billion.
Google Chrome CVE-2014-1705 Remote Code Execution Vulnerability
IBM said it has not provided client data to the U.S. National Security Agency or any other government agency under surveillance programs involving the bulk collection of content or metadata.
In this step-by-step guide, Mark Sobell shows how to start a Linux instance on Amazon Web Services' EC2.
Using mobile devices for one-off printing tasks on office printers may not be a big deal, but Hewlett-Packard is trying to mitigate any security risk through direct wireless printing features it is bringing to enterprise printers.
Twitter may be blocked in China, but that isn't stopping its CEO Dick Costolo from visiting the country this week to learn more about the nation's tech market.
Google on Friday patched several vulnerabilities in Chrome and Chrome OS within 48 hours of their disclosures at last week's Pwn2Own and Pwnium hacking contests.
Google Chrome Blink Use-After-Free Remote Code Execution Vulnerability

Posted by InfoSec News on Mar 17


By Giuseppe Macri
The Daily Caller

The U.S. government's plan to give away authority over the Internet's core
architecture to the "global Internet community" could endanger the
security of both the Internet and the U.S. -- and open the door to a
global tax on Web use.

"U.S. management of...

Posted by InfoSec News on Mar 17


By Shahid Shah
The News
March 14, 2014

KARACHI: The Karachi Stock Exchange (KSE) is hiring the chief information
security officer to ensure security of data, official sources said on

They said four candidates have already been shortlisted for the position.
The acting CISO is conducting interviews of the candidates.

The sources said the decision...

Posted by InfoSec News on Mar 17


By Lisa Rein and Eric Yoder
The Washington Post
March 13, 2014

An ominous e-mail message landed in the inboxes of a small group of U.S.
Army employees last month, warning of a security breach in their federal
retirement plans and urging them to log in and...
Internet Storm Center Infocon Status