Hackin9
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
NIST's National Cybersecurity Center of Excellence (NCCoE) has posted a revised draft of a building block to help enterprises address security issues that result from the use of mobile devices to access company resources. The NCCoE ...
 
Goodwill Industries was one of three companies affected by an attack on a retail managed service provider that went undetected for over 18 months.

In July, it was revealed that Goodwill Industries had suffered from a credit card data breach that affected the charitable retailer’s stores in at least 21 states. The Goodwill breach seemed by many to be just the latest case of criminals taking advantage of the weak underbelly of retailers—their point-of-sale systems. But now, as it turns out, the Goodwill breach was just part of a much larger attack on an outside managed service provider that affected at least two other companies. And many more may have been affected without their knowledge.

Security reporter Brian Krebs first broke the news on the Goodwill breach in July, and traced the breach back to C&K Systems, a reseller of retail software systems from NCR, Retail Pro, and other retail software and systems providers. Goodwill had outsourced much of the operation of its retail systems, including its point-of-sale (POS) systems, to C&K through a managed service contract.

In a statement published on Monday, C&K Systems admitted that they had suffered a breach of point-of-sale systems tied to their “Hosted Managed Services Environment.” The company determined with the assistance of outside forensic investigators that the breach began sometime in early 2013. “The unauthorized access affected our Hosted Management Services Platform intermittently between February 10, 2013 and August 14, 2014.”


 

An email titled "Your online background check is now public" might be half-scary if it was sent to a real person. But if it is a bunch of honeypot email addresses that have nobody associated with them in real life, and they get half a dozen of these emails per week, then it can only be spam, scam, or - most likely - both.

After tolerating and binning these noisy emails for a number of weeks, we finally decided to take a look-see on what is behind them. Turns out they all lead to "instantcheckmate-dot-com", who are peddling "background investigation services".

Sadly, the "background check" for our Honeypot actually wasn't all that extensive. I would have loved to read about the sleazy hidden life of our little Honeypot, especially its speeding tickets (highly unlikely, it is an old i486) and its convictions for possession (more likely, given that on past occasions, smoke has been seen coming from the enclosure), or its sex offenses (unlikely again, given that its ports are all serial, and its slots are all ISA :).

We didn't try the Instant Checkmate "service", so I can't tell if it's any good. But given that its offerings apparently need to be spammed, and the spammed URLs change daily, and redirect across four hops to end up on tcgtrkr-dot-com, and finally on instantcheckmate, I'd say the odds are they ain't up to much good.

If you own this "service", you are welcome to comment, after all, your background check is now public :). If you prefer not to comment, you might want to consider removing email addresses that have the word "sans" in them from your spam list, maybe?

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
LinuxSecurity.com: Security Report Summary
 
LinuxSecurity.com: Libav could be made to crash or run programs as your login if it opened a specially crafted file.
 
LinuxSecurity.com: Updated krb5 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security ...
 
LinuxSecurity.com: This update provides stability updates for OpenJDK 7.
 
LinuxSecurity.com: Several security issues were fixed in APT.
 
APPLE-SA-2014-09-17-2 Apple TV 7
 
APPLE-SA-2014-09-17-1 iOS 8
 

The Citadel trojan, a popular program used by cybercriminals to gather banking credentials and steal money from accounts, has become the latest financial malware to be repurposed as a tool to steal industrial secrets—this time from petrochemical companies in the Middle East.

During mid-summer, unknown attackers used the program to gather data, including e-mail messages and credentials, from the firms, IBM Trusteer stated in an analysis published on Monday. The company's researchers identified Citadel as the malware used to infect and steal data from the companies, which included "one of the largest sellers of petrochemical products in the Middle East and a regional supplier of raw petrochemical materials," the analysis stated.

The attack shows that either cybercriminals are branching out into stealing valuable industrial secrets or that industrial and nation-state spies are using off-the-shelf malware and opportunistic infections to gather sensitive information, says Dana Tamir, director of enterprise security for IBM Trusteer.


 
Adobe Reader and Acrobat CVE-2014-0561 Heap Based Buffer Overflow Vulnerability
 
Reflected Cross-Site Scripting (XSS) in MODX Revolution
 
Path Traversal in webEdition
 
The U.S. Department of Commerce's National Institute of Standards and Technology (NIST) today announced nearly $3 million in grants that will support projects for online identity protection to improve privacy, security and ...
 
Microsoft Internet Explorer 'CAttrValue' Style Attribute Remote Memory Corruption Vulnerability
 
Libav Media File Handling Denial of Service Vulnerability
 
Adobe Reader and Acrobat CVE-2014-0567 Heap Based Buffer Overflow Vulnerability
 
Microsoft Internet Explorer CVE-2014-4101 Remote Memory Corruption Vulnerability
 
Microsoft Internet Explorer CVE-2014-4092 Remote Memory Corruption Vulnerability
 
Microsoft Internet Explorer CVE-2014-4079 Remote Memory Corruption Vulnerability
 
Microsoft Lync Server CVE-2014-4071 Remote Denial of Service Vulnerability
 
Microsoft Lync Server CVE-2014-4068 Remote Denial of Service Vulnerability
 
Microsoft Lync Server CVE-2014-4070 Cross Site Scripting Vulnerability
 
D-Bus CVE-2014-3637 Denial of Service Vulnerability
 
D-Bus CVE-2014-3639 Denial of Service Vulnerability
 
D-Bus CVE-2014-3636 Denial of Service Vulnerability
 
Microsoft Internet Explorer CVE-2014-4107 Remote Memory Corruption Vulnerability
 
Microsoft Internet Explorer CVE-2014-4105 Remote Memory Corruption Vulnerability
 
Microsoft Internet Explorer CVE-2014-4103 Remote Memory Corruption Vulnerability
 
MIUI Torch Open Vulnerability
 
MIUI Wifi Connection Message Vulnerability
 
Android Bluetooth Pairing Packet Processing Vulnerability (by wangzq from NCNIPC)
 
[CORE-2014-0006] - Delphi and C++ Builder VCL library Heap Buffer Overflow
 

Posted by InfoSec News on Sep 17

http://www.finextra.com/news/fullstory.aspx?newsitemid=26446

Finextra.com
15 September 2014

Nigerian police are on the hunt for an IT staffer at Skye Bank who hacked
into the bank's systems and transferred $40 million to a raft of bogus
accounts before going on the run.

Thirty-eight year old Isoko resident Godswill Oyegwa Uyoyou is alleged to
have conspired with a criminal gang to access the bank's computer system
and inflate the...
 

Posted by InfoSec News on Sep 17

http://arstechnica.com/security/2014/09/hacker-exploits-printer-web-interface-to-install-run-doom/

By Sam Machkovech
Ars Technica
Sept 15 2014

On Friday, a hacker presenting at the 44CON Information Security
Conference in London picked at the vulnerability of Web-accessible devices
and demonstrated how to run unsigned code on a Canon printer via its
default Web interface. After describing the device's encryption as
"doomed,"...
 

Posted by InfoSec News on Sep 17

http://www.computerworld.com/article/2684180/hackers-had-access-to-goodwill-hosting-provider-for-18-months.html

By Jeremy Kirk
IDG News Service
Sep 16, 2014

Hackers evaded security systems for a year-and-a-half at a hosting center
that processed payment cards for Goodwill Industries, using the same type
of malware that struck Target and other major retailers to steal card
data, according to the charity's software vendor.

In its first...
 

Posted by InfoSec News on Sep 17

http://www.computing.co.uk/ctg/news/2369726/jp-morgan-denies-that-system-blueprints-were-stolen-in-june-cyber-attack

By Graeme Burton
Computing.co.uk
16 Sep 2014

More details have emerged about the attack on banking giant JP Morgan,
which saw sensitive banking systems hacked and details about clients and
deals apparently transmitted to systems in Russia.

The breach occurred in June, but has only recently been disclosed.

According to the...
 

Posted by InfoSec News on Sep 17

http://www.itpro.co.uk/security/23124/amazon-fixes-security-flaw-in-kindle-ebooks

By Clare Hopping
IT Pro
17 Sep, 2014

Amazon has responded to complaints about malware present on Kindle ebooks
by fixing the security flaw.

Yesterday, it was revealed that some ebooks downloaded from the internet
were installing malware on the ereader, meaning hackers could potentially
gain access to users' Amazon accounts or personal details for identity...
 
FreeBSD Security Advisory FreeBSD-SA-14:19.tcp
 
USB&WiFi Flash Drive v1.3 iOS - Code Execution Vulnerability
 
Osclass Security Advisory - Multiple XSS Vulnerabilities - CVE-2014-6280
 
Osclass Security Advisory - LFI Vulnerability - CVE-2014-6308
 

UK.gov lobs another fistful of change at SME infosec nightmares
Register
This has not gone down well with the infosec world. Security experts have said a bigger slice of the UK's £860m cyber security budget ought to be allocated to tackling security problems at the SME level to have any realistic chance of making a difference.

 

Posted by InfoSec News on Sep 17

http://www.businessweek.com/articles/2014-09-16/home-depot-breach-why-small-merchants-will-pay

By Patrick Clark
Businessweek.com
September 16, 2014

Federal law protects consumers from the cost of fraudulent charges
incurred when thieves steal credit-card and debit-card numbers. That’s
good for the millions of Americans who had their payments data exposed by
the hackers who breached Home Depot’s (HD) computer system earlier this
year....
 

How to talk infosec with kids
Help Net Security
As cybersecurity professionals, we know first-hand how the cyber world is filled with battles between good and evil. But do your kids know that? If you're a parent, like me, chances are you're concerned about your kids using the Internet. As they live ...

 
Microsoft Internet Explorer 'CFieldSetLayout' Objects Remote Memory Corruption Vulnerability
 
Microsoft Internet Explorer 'CHTMLEditorProxy' Objects Remote Memory Corruption Vulnerability
 
Microsoft Internet Explorer 'CAttrArray' Objects Remote Memory Corruption Vulnerability
 

How to talk infosec with kids
Help Net Security
I say it's never too early to talk infosec with kids: you simply need the right story. In fact, as cyber professionals it's our duty to teach ALL the kids in our life about technology, whether they be our nieces, nephews, grandchildren, neighbors or ...

 
Internet Storm Center Infocon Status