Hackin9
A company acquired by Google that develops robots for the U.S. military appears to have greatly reduced its dependence on government funding, suggesting a reluctance on Google's part to align itself too closely with military projects.
 
The U.S government can take action to slow the calls in other countries to abandon U.S. tech vendors following revelations about widespread National Security Agency surveillance, some tech representatives said Friday.
 
Want to buy a laptop with bitcoins? Dell is now accepting the digital currency as a form of payment.
 
Researchers are gearing up to hack an array of different home routers during a contest next month at the Defcon 22 security conference.
 
Microsoft has been screaming "cloud" in many partners' deaf ears for several years, but the company found a more receptive audience at this week's Worldwide Partner Conference.
 
A breakthrough by MIT researchers could change the way Web and mobile apps are written and help companies like Facebook keep the cat videos coming.
 

Over the past few years, consumer-grade routers have emerged as a key security threat. Whether manufactured by Asus, Linksys, D-Link, Micronet, Tenda, TP-Link, or others, small office/home office (SOHO) routers have suffered a variety of real-world attacks that in some cases have allowed hackers to remotely commandeer hundreds of thousands of devices.

Now, security advocates are sponsoring "SOHOpelessly BROKEN," a no-holds-barred router hacking competition at next month's Defcon hacker conference in Las Vegas. The contest will challenge attendees to unleash novel exploits on 10 off-the-shelf SOHO routers running recent firmware versions.

"The objective in this contest is to demonstrate previously unidentified vulnerabilities in off-the-shelf consumer wireless routers," organizers said. "Contestants must identify weaknesses and exploit the routers to gain control. Pop as many as you can over the weekend to win. Contest will take place at Defcon 22, August 7-12, 2014 in the Wireless Village contest area."


 
Google engineers have begun working on a fix for a months-old Chrome bug that drains Windows' laptop batteries, a move triggered by a story on Forbes' website.
 
U.S. Sen. Jeff Sessions Thursday delivered a scalding and sarcastic attack on the use of highly skilled foreign workers by U.S. corporations that was heavily aimed at Microsoft, a chief supporter of the practice.
 
System administrators take note: That mobile employee expense app you're building should be every bit as easy to use as Facebook. Oh, and you better deliver it quickly too, because that's how Facebook rolls.
 
Plans to favor some Internet packets over others threaten consumers' hard-won right to use encryption, a digital privacy advocate says.
 

More than three months after the disclosure of the catastrophic Heartbleed vulnerability in the OpenSSL library, critical industrial control systems sold by Siemens remain susceptible to hijacking or crashes that can be triggered by the bug, federal officials have warned.

The products are used to control switches, valves, and other equipment in chemical, manufacturing, energy, and wastewater facilities. Heartbleed is the name given to a bug in the widely used OpenSSL cryptographic library that leaks passwords, usernames, and secret encryption keys. While Siemens has updated some of its industrial control products to patch the Heartbleed vulnerability, others remain susceptible, an advisory published Thursday by the Industrial Control Systems Cyber Emergency Response Team warned.

"The vulnerabilities identified could impact authenticity, integrity, and availability of affected devices," the notice stated. "The man-in-the-middle attack could allow an attacker to hijack a session between an authorized user and the device. The other vulnerabilities reported could impact the availability of the device by causing the web server of the product to crash."


 
Microsoft Internet Explorer CVE-2014-1799 Remote Memory Corruption Vulnerability
 

As reported by Sophos and submitted by multiple ISC readers (thank you), Gameover Zeus is resurfacing.

According to the Sophos post, they have "only seen a few samples of the new version, but it has been distributed through widespread spam campaigns, so the number of infections may already be large. Typical Gameover spams include an attachment pretending to be an account statement."

Malcovery has a related post for your review as does StopMalvertising.

If you spot what you believe are related SPAM samples or actual binaries, please send them our way for analysis.

Russ McRee | @holisticinfosec

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Even the most voracious readers will take a few months to get the most out of Amazon.com's latest offer: access to 600,000 e-books and 2,000 audiobooks for a monthly fee of US$9.99. What publishers and authors will get out of it remains to be seen.
 
RubyGems brbackup SQL Injection and Information Disclosure Vulnerabilities
 
ESA-2014-074: EMC RecoverPoint Appliance Security Control Bypass Vulnerability
 
Google Drive is an important tool that can deliver even more value with these 25 tips, tools, and tweaks
 
Apple will provide an expanded set of support services to IBM customers with iPhones and iPads under a new enterprise-grade AppleCare plan.
 
The executive in charge of Comcast's support organization is having an interesting week.
 
Microsoft MSN HBE - Blind SQL Injection Vulnerability
 
Barracuda Networks Message Archiver 650 - Persistent Input Validation Vulnerability (BNSEC 703)
 
[SECURITY] [DSA 2980-1] openjdk-6 security update
 
[SECURITY] [DSA 2979-1] fail2ban security update
 
The Tempo calendar app isn't new; it's been around for about 18 months and was on my Spring 2013 "Best iOS and Android Apps" list. A new Tempo update brings some new features that make the app even better. I love Tempo for several reasons:
 
If you're holding out for that multi-functional smartwatch of your dreams, Sony is working to add contactless payments to wearables with a new chip.
 
D-Link DAP-1320 'apply.cgi' Directory Traversal and Cross Site Scripting Vulnerabilities
 
LinuxSecurity.com: Updated java-1.7.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7. The Red Hat Security Response Team has rated this update as having Critical [More...]
 
LinuxSecurity.com: LWP::Protocol::https could be made to expose sensitive information over the network.
 
LinuxSecurity.com: Security Report Summary
 
LinuxSecurity.com: Security Report Summary
 
LinuxSecurity.com: Updated kernel packages that fix three security issues and one bug are now available for Red Hat Enterprise Linux 6.4 Extended Update Support. The Red Hat Security Response Team has rated this update as having [More...]
 
LinuxSecurity.com: Several security issues were fixed in MySQL.
 
LibreSSL PRNG Entropy Weakness
 
U.S. civil rights leader Rev. Jesse Jackson has called on Twitter to release its employee diversity information, which its Silicon Valley peers such as Google, Yahoo, LinkedIn and Facebook have already done.
 
It could take Microsoft a year to lay off the 18,000 workers it plans to cut, resulting in a drawn-out morale-busting process criticized by both labor experts and industry analysts.
 
Matt Oh, a senior malware researcher with HP, recently bought a single Aloha point-of-sale terminal -- a brand of computerized cash register widely used in the hospitality industry -- on eBay for $200.
 

Posted by InfoSec News on Jul 18

http://krebsonsecurity.com/2014/07/even-script-kids-have-a-right-to-be-forgotten/

By Brian Krebs
Krebs on Security
July 18, 2014

Indexeus, a new search engine that indexes user account information
acquired from more than 100 recent data breaches, has caught many in the
hacker underground off-guard. That’s because the breached databases
crawled by this search engine are mostly sites frequented by young
ne’er-do-wells who are just getting...
 

Posted by InfoSec News on Jul 18

http://www.infosecnews.org/chinese-collegiate-hacking-team-hacks-the-tesla-model-s-well-sort-of/

By William Knowles @c4i
Senior Editor
InfoSec News
July 18, 2014

A team of Chinese collegiate hackers attending the Symposium on Security
for Asia Network conference in Beijing have succeeded in breaking
into the software used in electric cars made by Elon Musk's Palo Alto,
California-based Tesla Motors.

The South China Morning Post is...
 

Posted by InfoSec News on Jul 18

http://news.techworld.com/security/3531445/aloha-point-of-sale-terminal-sold-on-ebay-yields-security-surprises/

By Jeremy Kirk
Techworld.com
18 July 2014

Matt Oh, a senior malware researcher with HP, recently bought a single
Aloha point-of-sale terminal -- a brand of computerized cash register
widely used in the hospitality industry -- on eBay for US$200.

Oh found an eye-opening mix of default passwords, at least one security
flaw and a...
 

Posted by InfoSec News on Jul 18

http://www.bankinfosecurity.com/treasurys-new-focus-on-cyber-risks-a-7068

By Tracy Kitten
Bank Info Security
July 17, 2014

Treasury Secretary Jacob Lew this week took the precedent-setting step of
publicly addressing what he referred to as the financial system's
cybersecurity shortcomings. Lew's comments were noteworthy because they
apparently mark the first time a member of the Treasury Department has
directly addressed...
 

Posted by InfoSec News on Jul 18

http://www.csoonline.com/article/2455088/identity-access/why-123456-is-a-great-password.html

By Antone Gonsalves
CSO Online
July 17, 2014

New research shows that "123456" is a good password after all.

In fact, such useless credentials from a security standpoint have an
important role in an overall password management strategy, researchers at
Microsoft and Carleton University, Ottawa, Canada, have found.

Rather than hurt security,...
 

Posted by InfoSec News on Jul 18

http://www.businessweek.com/articles/2014-07-17/how-russian-hackers-stole-the-nasdaq

By Michael Riley
Businessweek.com
July 17, 2014

In October 2010, a Federal Bureau of Investigation system monitoring U.S.
Internet traffic picked up an alert. The signal was coming from Nasdaq
(NDAQ). It looked like malware had snuck into the company’s central
servers. There were indications that the intruder was not a kid somewhere,
but the intelligence...
 

Posted by InfoSec News on Jul 18

http://www.chinadaily.com.cn/opinion/2014-07/18/content_17830716.htm

By Colin Speakman
China Daily
2014-07-18

Tensions are growing amid claims and counter-claims of cyber espionage by
the United States and China. Even the just concluded Sino-US Strategic and
Economic Dialogue in Beijing couldn't ease the tensions.

In May, the US charged, albeit without evidence, five Chinese nationals
with breaking into US companies' systems and...
 

As we learned in Part One of our exploration of Hazrat Supply's series of unfortunate events, our malicious miscreants favored multiple tools. We first discussed developing IOCs for HackTool:Win32/Zeloxat.A which opens a convenient backdoor on a pwned host. One note on that front, during analysis I saw network calls to zeroplace.cn (no need to visit, just trust me) and therefore added matching URI and DNS items to the IOC file. Again, I'll share them all completed for you in a day or two.
I know I promised you an analysis of the svchost dump file Jake provided using Volatility but unfortunately that effort did not bear much fruit; the imagecopy module didn't return actionable results. The actual svchost.exe sample is still an analysis work-in-progress as well given, while certainly malicious, the file we have was not an original payload and is exhibiting limited functionality. I do hope to have insight on that front tomorrow.
That said, one of the other tools that was found on the server by Jake was PWDump7. This is a commonly used tool and is often part of larger hacker or pentester kits; you should be detecting and blocking them both equally :-).
By definition, PwDump7.exe is not malware per se; it's simply a tool that can be used for malicious purposes. It doesn't make file system changes, it doesn't phone home, and it doesn't change the registry, but it sure does dump password hashes, as seen in Figure 1.

PwDump7

Figure 1

The first reader who emails me (russ @ holisticinfosec dot org) my clear text password from the 500 hash as seen in Figure 1 wins a prize of my choosing (probably shwag or a book), I'll Tweet out the winner. *UPDATE* - We have a winner as of 0146 PST last night, thank you, Martin R. The password for you all is IveBeenHacked.
In the absence of particularly interesting artifacts, can we still create IOCs for hack tools such as PwDump?
But of course!
File name, file size, and hashes are obvious, but what else can we use when so little presents itself with a hack tool that is standalone and basically just runs?
Tools such as PEStudio can give us additional options if we look beyond the obvious. PEStudio, by default, sorts by color-coded (red) flagged items. Often this surfaces obvious enough indicators, but with PwDump7, not so much. Sorting by something different, such as Value under Strings and Unclassified, gives us a perfectly unique indicator not likely to occur very often, particularly when combined with the established file name and hashes. Figure 2 exemplifies.

PEStudio strings result

Figure 2

As such, our IOC elements would be derived as seen in Figure 3.

IOCs for PwDump7

Figure 3

Can't miss with strings keywords like that. :-)
I'll leave you with this. As we've been learning from the kind transparency of Jake and Hazrat Supply, it happens, it really does.
Just another reason not to tailgate.
Cheers!

Russ McRee | @holisticinfosec
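The diary's point is that a standalone hack tool that leaves no registry, network or file-system artifacts can still be described by file name, size, hashes and a distinctive string surfaced in PEStudio's Strings view, with the string corroborating the name and hash. The following is an added example (not ISC's or the author's code) that derives those IOC elements from a sample binary and matches them against other files. The sample bytes, the marker string, the file names and the IOC name are all constructed placeholders; PwDump7's real hashes and strings are not on the page and are not reproduced here.

```python
"""Derive and match file-based IOCs (name, size, hashes, strings) for a standalone tool.

Added example; all sample data below is constructed and is NOT PwDump7's real values.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List


@dataclass(frozen=True)
class FileIOC:
    """File-based indicators for one tool, in the spirit of an OpenIOC FileItem set."""
    name: str
    file_names: FrozenSet[str]   # lower-cased file names
    sizes: FrozenSet[int]        # exact sizes in bytes
    sha256s: FrozenSet[str]      # hex digests
    strings: FrozenSet[str]      # distinctive printable strings (ASCII or UTF-16LE)


def extract_strings(data: bytes, min_len: int = 6) -> set:
    """Return printable ASCII and UTF-16LE runs, like the `strings` tool or PEStudio's view."""
    ascii_runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)
    wide_runs = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)
    found = {run.decode("ascii") for run in ascii_runs}
    found.update(run.decode("utf-16-le") for run in wide_runs)
    return found


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _contains_all(runs: Iterable[str], needles: Iterable[str]) -> bool:
    """True when every needle occurs inside at least one extracted string run."""
    runs = list(runs)
    return all(any(needle in run for run in runs) for needle in needles)


def derive_ioc(name: str, file_name: str, data: bytes, distinctive: Iterable[str]) -> FileIOC:
    """Build the IOC from a known-bad sample; refuses strings the sample does not contain."""
    distinctive = list(distinctive)
    if not _contains_all(extract_strings(data), distinctive):
        raise ValueError("a distinctive string is not present in the sample")
    return FileIOC(
        name=name,
        file_names=frozenset({file_name.lower()}),
        sizes=frozenset({len(data)}),
        sha256s=frozenset({sha256_hex(data)}),
        strings=frozenset(distinctive),
    )


def match_ioc(ioc: FileIOC, file_name: str, data: bytes) -> List[str]:
    """Return the names of the IOC elements that an observed file satisfies, in a fixed order."""
    hits = []
    if file_name.lower() in ioc.file_names:
        hits.append("FileName")
    if sha256_hex(data) in ioc.sha256s:
        hits.append("Sha256")
    if len(data) in ioc.sizes:
        hits.append("FileSize")
    if _contains_all(extract_strings(data), ioc.strings):
        hits.append("Strings")
    return hits


def is_hit(hits: List[str]) -> bool:
    """Hash, name or the distinctive strings each suffice; size alone is too weak to act on."""
    return bool({"Sha256", "FileName", "Strings"} & set(hits))


# Constructed sample "binary": a fake DOS header, a distinctive ASCII marker and a UTF-16LE string.
# The marker stands in for the kind of value PEStudio's Strings view surfaces; it is not real.
SAMPLE_TOOL = (
    b"MZ\x90\x00" + b"\x00" * 60
    + b"EXAMPLE-HACKTOOL-MARKER-7f3a" + b"\x00" * 16
    + "wide_marker".encode("utf-16-le") + b"\x00" * 8
)
TOOL_IOC = derive_ioc("Example.HackTool.Constructed", "tool.exe", SAMPLE_TOOL,
                      ["EXAMPLE-HACKTOOL-MARKER-7f3a"])

if __name__ == "__main__":
    # A renamed, padded copy defeats name, size and hash but still carries the string.
    renamed = SAMPLE_TOOL + b"\x00" * 100
    print("original:", match_ioc(TOOL_IOC, "tool.exe", SAMPLE_TOOL))
    print("renamed :", match_ioc(TOOL_IOC, "svchost.exe", renamed))
```

The renamed copy shows why the string indicator earns its place: a trivial rename or re-pack clears the name, size and hash elements, while the string still fires. A size-only match, as `is_hit` reflects, is treated as noise rather than a detection.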
