Hackin9

InfoSec News

Microsoft CEO Steve Ballmer feels intensely fortunate that his company's US$44 billion bid for Yahoo back in 2008 never materialized.
 
Those of you who are Oracle product users will be used to the quarterly Critical Patch Update. In case you missed it, it was released on the 17th. There is a patch out for most of the major products. Detailed information can be found here: http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html
The appendix of the above note shows the affected CVEs and the associated CVSS scores. The criteria for the scores are shown, so you should be able to determine the local impact for your organisation.
If you are running Oracle I suggest you start looking at these sooner rather than later, especially if you need to comply with PCI DSS and your onsite audit is getting near.
Mark H (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Yes, the title probably makes no sense at first, but keep reading... :)
Today was a pretty good day if you like malware and RE...
Symantec, McAfee and F-Secure, to name a few security vendors, released information about what they are calling DuQu... yes, I agree that it is a terrible name, but it is because this malware creates some files in the user's temp folder that start with ~DQXXX.tmp (where the XXX can be any number)...
There are several common aspects between DuQu and Stuxnet that lead to the conclusion that they were written by the same group.
While the original Stuxnet was focused on industrial systems, aka SCADA, this DuQu malware is mostly used in a recon process, being used as an advanced RAT (Remote Administration Tool). Forget about Gh0st RAT or BlackShades RAT, just to name two famous ones... those are total amateurs when compared to DuQu.
DuQu receives commands via an encrypted config file, and seems to download a password stealer that is able to record several behaviors from the user and machine and send them to a Command and Control IP in India.
Like some of the components of the original Stuxnet, this one was also able to decrypt and extract additional components embedded into other PE files... fantastic!
Oh, and like Stuxnet, some components had a VALID digital signature... :)
And before I forget, according to the Symantec report, new samples with a compilation time of October 17th were discovered and are still being checked...
Agree that it is a good day for reverse engineers?
_______________________________________________
Pedro Bueno (pbueno /%%/ isc. sans. org)

Twitter: http://twitter.com/besecure (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Sony's PlayStation Vita portable game console will go on sale on Feb. 22 in the Americas and Europe, Jack Tretton, President and CEO of Sony Computer Entertainment of America, announced at Web 2.0 Summit.
 
Developers at the BlackBerry DevCon in San Francisco on Tuesday gave Research In Motion high marks for laying out a clear operating system strategy and standing by its PlayBook tablet.
 
Intel on Wednesday reported profit and revenue gains for the third quarter of fiscal 2011 on strong PC and server chip sales, overcoming a drop in Atom tablet and netbook chip sales.
 
Oracle Sun Products Suite CVE-2011-2292 Local Solaris Vulnerability
 
Oracle PeopleSoft CVE-2011-3529 Remote PeopleSoft Enterprise HRMS Vulnerability
 
Oracle Sun Products Suite CVE-2011-2286 Remote Vulnerability
 
Oracle Sun Products Suite CVE-2011-3507 Remote Oracle Communications Unified Vulnerability
 
Yahoo reported steep declines in revenue and profit for the third quarter, pulled down by weak ad sales and the failure of its search partnership with Microsoft to yield strong returns.
 
The developers behind Apache Cassandra are confident that their distributed database management system is ready for general enterprise use, and, after three years of development, have released version 1.0 of their open-source software.
 
Oracle Sun Product Suite CVE-2011-3537 Local Vulnerability
 
Oracle Sun Products Suite CVE-2011-3506 Remote Oracle OpenSSO Vulnerability
 
Oracle PeopleSoft Products CVE-2011-3533 Remote PeopleSoft Enterprise HRMS Vulnerability
 
Oracle Sun Solaris CVE-2011-3542 Local Vulnerability
 
Internet companies need to build consumer privacy and data controls into their online services to protect their brands, gain trust from their users, avoid civil lawsuits and prevent government probes, according to two regulators from the U.S. and Canada.
 
In Gartner's list of the top 10 trends in IT infrastructure and operations are multiple threats and opportunities for data center operations.
 
Foursquare wants its mobile geolocation-based application to increasingly require less and less manual use and instead work in the background as people move around, automatically pushing notifications, recommendations and reminders to them, the company's CEO said on Tuesday.
 
Apple today reported near-record revenues, saying that it had sold 17 million iPhones and 11.1 million iPads in the third quarter.
 
Symantec researchers said an early analysis of Duqu has found that it could be a precursor to a future Stuxnet-like attack.

If you're going to need hard drives this year or early next year, it would be smart to get your sources locked in now.
 
Security vendor Symantec is warning of a new malware threat that it says could be a precursor to the next Stuxnet.
 
It's not the iPhone 5, but it's far from disappointing.
 
Last week Apple made the cloud cool with the launch of iCloud. Apple's iCloud is certainly not the first cloud syncing and storage service, but the Apple stamp of approval moves the concept from cutting edge fringe into the tech mainstream. Cloud storage rivals are ready to take advantage of the spotlight on cloud syncing and storage, and go head to head with iCloud with new offers and services of their own.
 
[ MDVSA-2011:156 ] tomcat5
 
Dolphin <= 7.0.7 (member_menu_queries.php) Remote PHP Code Injection
 
[email protected] 2.4.10 SQL Injection & XSS vulnerabilities
 
[PT-2011-14] SQL injection vulnerability in BoonEx Dolphin
 
Research In Motion introduced a common platform for smartphones, the PlayBook tablet and embedded systems under the QNX operating system on Tuesday, calling it BBX.
 
The HP TouchPad hasn't gone the way of the dodo bird just yet, as Hewlett-Packard announced Tuesday that an over-the-air update to WebOS 3.0.4 is now available.
 
A Massachusetts congressman has asked Amazon.com to spell out whether and how its upcoming Silk browser will collect information from users when the retail giant launches its Kindle tablet next month.
 
The new Motorola Droid Razr will be the world's thinnest 4G LTE smartphone when it ships in November for Verizon Wireless.
 
As Hewlett-Packard waffles on whether it will continue to produce computers, the CEO of rival Dell Inc. said HP's customers are losing confidence and looking to other vendors
 
There may be a day when automation takes over human decision making in business.
 
Can we apply some of the thinking that resulted in the iPhone and the iPod to the IT security world?
 
Joomla! 'com_jfuploader' Arbitrary File Upload Vulnerability
 
phpMyAdmin Setup Interface Cross Site Scripting Vulnerability
 

===============
Rob VandenBrink
Metafore (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
If we think our digital devices are just about data, we're missing the point, an Intel executive said.
 
Apple enterprise expert Aaron Freimark discusses email and iCloud sandboxing for iPhone and iPads running iOS 5. Insider (registration required)
 
The technology that makes up many of the systems in the IT world today is at a critical juncture and in the next five years everything from mobile devices and applications to servers and social networking will impact IT in ways companies need to prepare for now, Gartner Vice President David Cearley says.
 
VMware hopes to simplify management and help enterprises virtualize more of their infrastructure, with new and updated software suites announced at VMworld Europe in Copenhagen.
 
Congress needs to pass legislation that would require law enforcement agencies to get permission from a judge before tracking suspects through their mobile phones, two U.S. lawmakers said.
 
PHP 'ZipArchive::addGlob' and 'ZipArchive::addPattern' Denial Of Service Vulnerabilities
 
Oracle on Tuesday will release 76 patches affecting hundreds of its products as well as Java SE.
 
Oracle said it will acquire Endeca Technologies, a Cambridge, Mass.-based vendor of software for unstructured data analytics and business intelligence, for an undisclosed sum.
 
Distributed denial of service and SQL injection are the main types of attack discussed on hacking forums, according to new research from security vendor Imperva.
 
Piwik Prior to 1.6 Multiple Unspecified Security Vulnerabilities
 
HP Data Protector Unspecified Remote Code Execution Vulnerabilities
 
EMC today reported sales nearly $5 billion in revenue in the third quarter, an increase of 18% from the same period last year.
 
The U.S. government is keeping a wary eye on what it says is hacking collective Anonymous' growing interest in attacking critical infrastructure targets.
 

Move is part of an industry trend that turns threat intelligence data into actionable information.

Symantec is bolstering its DeepSight service and integrating its VeriSign acquisition.

The company recently announced its new Intelligent Authentication platform, which addresses secure access to web-based applications and services. Symantec is also releasing new feeds for its DeepSight Threat Management system, improving the platform’s ability to block known malicious IPs and website URLs.

The Symantec VIP Intelligent Authentication service is a rebranding of VeriSign's authentication business, which Symantec acquired last year for $1.28 billion. Symantec is integrating the VeriSign services to offer cloud-based authentication for Web-based applications and remote access via mobile devices.

The VIP Intelligent Authentication service gives Symantec users the ability to provide two-factor authentication and monitor devices, scoring them based on their reputation and user behavior. The system works by using the VeriSign reputation database to assign a risk score to devices. Companies can set policies that issue an additional challenge to high-risk devices, either via an SMS text message, email or phone call.

Analysts said VeriSign’s cloud-based strong authentication is a mature service. The company anticipated the need for the authentication services long before its competitors.

Symantec’s beefed-up DeepSight Threat Management service now has IP reputation and URL reputation data feeds. The XML feeds enable companies to use them in Web security gateways and other incident management systems to blacklist up to 100,000 malicious IP addresses and thousands of known malicious websites. The company is following one of its chief competitors, RSA, which announced in August that it was adding malicious domain feeds to its CyberCrime Intelligence Service.

“This helps customers stay ahead of cybercriminals in a way that doesn’t burden their internal security teams,” said David Doroson, director of product marketing at Symantec. “It also lets end users continue to do what they're supposed to do.”

Security vendors have been expanding their intelligence services in recent years, according to Scott Crawford, managing research director of security and risk at Boulder, Colo.-based Enterprise Management Associates. Crawford told Information Security magazine that a variety of services exist enabling companies to customize vulnerability alerts (Secunia) or threat feeds (Cyveillance, iDefense, Vigilant) so the information can be fed into security information and event management (SIEM) systems, vulnerability management platforms or governance, risk and compliance (GRC) suites.

“This suggests the rise of a new approach to security practice, one where defense becomes a function of visibility, and where automation is more dynamically and responsively defined by investigative expertise,” Crawford wrote.

In our recent Eye On CISO Management Issues, we tried to explain how IT security pros are turning threat data into actionable information. Certainly, threat management services and the XML feeds provided by the services could help bolster systems already in place if they are carefully applied.


This diary has been posted on behalf of Russ McRee.

Those of you who are regularly committed to the task of protecting your enterprise from malware are well aware of the pain points. Critical Control 12: Malware Defenses offers nine prospects for success in the battle against a continuous and pervasive challenge.

Amongst the quick wins are easier methods such as preventing auto-run content; in the context of share-jumping worms such as Harakit/Renocide this will definitely help, but there are additional tactics that supplement the list found in Critical Control 12.

1) In general, is there really a need to allow initiated outbound sessions from the likes of production web servers? Preventing web browsing from production environments will definitely cause whining, but it can reduce the attack surface significantly.

2) Commercial SIEMs clearly support #6 (automated monitoring tools should use behavior-based anomaly detection) but correlation needn deviation from established, tested standards risks further outbreak. There are somewhat dated resources to draw from to help define initial process, including NIST and CERT, but there's a critically important component related to the overall malware incident response process for you to consider. DRILL! If you don't practice this activity (actual response as well as transport and analysis) on a regular basis you can't know what you don't know. Operate under the premise that no battle plan survives contact with the enemy and you'll be more likely to survive contact. Undertake this activity with other teams upon which you have dependencies. Trying to quarantine an outbreak on specific VLANs without the help of your network team, or deploying an emergency hotfix or patch without your systems admins, won't make for a very good drill or tabletop exercise. Varying scenarios (worms vs. Zeus vs. APT) will help test the boundaries of your skillsets as well.

What's working for you in the fight against malware? Let us know via the comment form. (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
To get the most out of business intelligence projects, companies need a top-down commitment that permeates the entire organizational culture. At 1-800-Flowers.com, for example, achieving pervasive BI has been a 10-year commitment. Insider (registration required)
 
With Twitter handling a quarter of a billion tweets a day, company CEO Dick Costolo said he's focusing on keeping things simple.
 
Fragmentation and bugs beset the popular mobile platform, and the 'Ice Cream Sandwich' update details remain a mystery
 
The hottest new Android smartphone challenger to the wildly successful iPhone 4S will be launched by Samsung and Google in Hong Kong within 12 hours, insiders say.
 
A U.K. hacker fighting extradition to the U.S. may have lost one avenue for argument after an independent review panel concluded the U.K.-U.S. extradition treaty is not slanted against U.K. defendants.
 
For months, Luo Xiaoqiang has lived with an odor she describes as a mix of chemical fertilizer and burning plastic.
 
The Jazz Montreux Festival will soon offer four decades of performances from artists such as Ella Fitzgerald, Sting, BB King and Led Zeppelin to students and the public through an object-based storage system.
 
Hewlett-Packard on Monday announced new servers that come pre-configured with Microsoft software to help companies deploy virtualized workloads more quickly.
 
A Republican lawmaker has submitted legislation that would make foreign students who earn advanced degrees in science, technology, engineering or math at U.S. universities automatically eligible for a green card or permanent residency if they have a job offer.
 
With a noticeably faster dual-core A5 processor, more storage, an improved 8-megapixel camera, a revamped antenna design and an AI assistant called Siri, the new iPhone impresses.
 
Here's how four organizations -- the Library of Congress, Mazda, Nielsen and Amazon.com -- manage their massive data stores.
 
Twitter and Google can't reach an agreement on Realtime Search, but Twitter's CEO isn't giving up.
 
Apple on Monday instituted a reservation-only policy for iPhone 4S retail sales, hinting at a repeat of the smartphone's annual supply-and-demand mismatches.
 
The U.S. International Trade Commission said on Monday that Apple did not violate four patents held by HTC, which said it intends to appeal.
 

Posted by InfoSec News on Oct 17

http://www.eweek.com/c/a/Security/Hackers-Share-Attack-Techniques-Beginner-Tutorials-on-Online-Forum-198088/

By Fahmida Y. Rashid
eWEEK.com
2011-10-17

Hackers are often perceived as isolated, alienated individuals, working
alone or in small groups. In reality, hackers are quite social,
frequenting online forums and chat rooms to brag about their exploits,
exchange tips and share knowledge, according to a recent analysis of
hacker activity....
 

Posted by InfoSec News on Oct 17

http://news.cnet.com/8301-27080_3-20121500-245/citigroup-ceo-targeted-by-hackers-over-protest-arrests/

By Elinor Mills
InSecurity Complex
CNet News
October 17, 2011

Hackers released personal information about the head of Citigroup today
in retaliation for the arrest of protesters during the Occupy Wall
Street demonstrations this weekend.

The data on Vikram Pandit, Citigroup's chief executive officer, includes
phone numbers, address,...
 

Posted by InfoSec News on Oct 17

http://koreajoongangdaily.joinsmsn.com/news/article/Article.aspx?aid=2942922

By Kwon Sang-soo
Korea JoongAng Daily
Oct 18, 2011

The hacker who allegedly stole the personal information of thousands of
Hyundai Capital customers has been arrested in the Philippines.

The Seoul Metropolitan Police Agency’s cyber investigation unit
confirmed yesterday that the suspect, surnamed Shin, 37, was arrested by
Filipino police earlier this month and...
 

Posted by InfoSec News on Oct 17

http://features.techworld.com/security/3311064/after-stuxnet-a-rush-to-find-bugs-in-industrial-systems/

By Robert McMillan
Techworld.com
16 October 2011

Kevin Finisterre isn't the type of person you expect to see in a nuclear
power plant. With a beach ball-sized Afro, aviator sunglasses and a
self-described "swagger," he looks more like Clarence Williams from the
'70s TV show "The Mod Squad" than an electrical...
 

Posted by InfoSec News on Oct 17

http://www.theregister.co.uk/2011/10/18/anonymous_threatens_scada/

By Dan Goodin in San Francisco
The Register
18th October 2011

Members of the Anonymous hacking collective are increasingly interested in
attacking industrial control systems used to automate machinery used by
factories, power stations, water treatment plants, and other facilities
critical to national security, the Department of Homeland Security warned last
month.

In a...
 

Posted by InfoSec News on Oct 17

http://www.washingtonpost.com/world/national-security/us-cyber-weapons-had-been-considered-to-disrupt-gaddafis-air-defenses/2011/10/17/gIQAETpssL_story.html

By Ellen Nakashima
The Washington Post
October 17, 8:26 PM

Top Pentagon officials considered using their secretive arsenal of
cyberweapons to disrupt Libya’s air defenses before deciding that bombs
would be the better option for preparing the way for U.S.-led coalition
airstrikes.

The...
 

Posted by InfoSec News on Oct 17

http://www.csoonline.com/article/691910/new-social-engineering-poll-reveals-which-scam-works-better

By Joan Goodchild
Senior Editor
CSO
October 17, 2011

Which tactic works best for a scamming social engineer? Acting like an
authority figure and requiring a victim to answer questions and give up
sensitive information? Or acting like a nice, trustworthy person who
strikes up a friendly conversation and just needs the victim to tell
them a few...
 