Hackin9
Oracle Java SE CVE-2013-2460 Remote Java Runtime Environment Vulnerability
 
Oracle Java SE CVE-2013-2442 Remote Security Vulnerability
 
Download Lite v4.3 iOS - Persistent File Web Vulnerability
 
IBM Java CVE-2013-3006 Unspecified Arbitrary Code Execution Vulnerability
 
IBM Java CVE-2013-3012 Unspecified Arbitrary Code Execution Vulnerability
 
IBM Java CVE-2013-3011 Unspecified Arbitrary Code Execution Vulnerability
 
Oracle Java SE CVE-2013-2468 Remote Security Vulnerability
 

Posted by InfoSec News on Jul 19

Forwarded from: d.lin (at) icitst.org

Apologies for cross-postings!

Kindly email this Call for Papers to your colleagues,
faculty members and postgraduate students.

CALL FOR PAPERS

************************************************************
The 8th International Conference for Internet Technology and Secured
Transactions (ICITST-2013),
Technical Co-Sponsored by IEEE UK/RI Computer Chapter
December 9-12, 2013, London, UK
(www.icitst.org)...
 

Posted by InfoSec News on Jul 19

http://www.afr.com/p/national/huawei_spies_for_china_says_ex_cia_QoPS9JWsvg6bMYqmPbtqLK

By Christopher Joye
Financial Review
19 JUL 2013

The former head of the US Central Intelligence Agency and National
Security Agency, Michael Hayden, believes Chinese telecommunications
manufacturer Huawei Technologies is a significant security threat to
Australia and the US, has spied for the Chinese government, and
intelligence agencies have hard...
 

Posted by InfoSec News on Jul 19

http://www.koreaherald.com/view.php?ud=20130719000709

By Jin Eun-soo and Choi Jung-min
The Korea Herald
2013-07-19

South Korea is taking belated, yet necessary, steps to train more cyber
security experts following a series of disruptive hacking attacks that
paralyzed broadcasters, banks and government agencies. Ominously, many of
the attacks reportedly originate in North Korea, which is technically
still at war with the South.

“Generally,...
 

Posted by InfoSec News on Jul 19

http://www.computerworlduk.com/news/security/3459487/hackers-breach-nasdaq-community-forum-website/

By Matthew Finnegan
Computerworld UK
18 July 13

Hackers have breached part of Nasdaq’s website, with the stock exchange
group warning members of its community forum that email and password
details have been compromised.

Nasdaq sent an email to users explaining that it had been made aware of
the breach following “standard security...
 
IBM Java CVE-2013-4002 Unspecified Security Vulnerability
 
Advanced Micro Devices hopes for financial stability after years of struggles, but analysts said that a volatile PC market could derail the chip designer's progress.
 

A code of conduct for young hackers
Boing Boing
r00tz is the amazing kid-track of programming at DEFCON, the giant hacker conference held annually in Las Vegas. The organizers have created a "code of conduct" for young hackers that is good advice for anyone doing infosec work, or exploring computers ...

 
Seeking a foothold in more enterprises running Microsoft software, Novell has introduced an application to streamline the process of connecting employees to workspace printers, even if they are using non-Microsoft computers and mobile devices, such as iPhones.
 
SAP has provided an extensive window into the future direction of its HANA in-memory database platform, which has emerged as the central pillar of the company's product strategy.
 
Microsoft's massive $900 million Surface RT gaffe may have been, as one analyst put it, "an absolute abomination" in operations, but the company cannot give up on the ARM-based platform, experts said.
 
Cyber exercises, like the Quantum Dawn 2 drill carried out by dozens of Wall Street firms this week, can be useful in helping financial firms close critical gaps in their incident response capabilities, analysts said.
 
Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
 
Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
 
ActiveMQ Cron Jobs CVE-2013-1879 HTML Injection Vulnerability
 
[security bulletin] HPSBMU02900 rev.2 - HP System Management Homepage (SMH) running on Linux and Windows, Multiple Remote and Local Vulnerabilities
 
The day after Microsoft took a $900 million charge against its Surface RT tablet -- sparking rumors it would dump the poor-selling device -- the company unveiled a new ad that took on Apple's iPad by touting the Surface RT's lower price of $349.
 
The Chamber of Commerce and several other organizations are asking a federal court to dismiss a closely watched data breach lawsuit filed by the Federal Trade Commission against Wyndham Worldwide Corp.
 
Re: [Full-disclosure] XSS Vulnerabilities in Serendipity
 
When the Georgia Technology Authority's plan to transform its aging IT infrastructure was failing to deliver, its CIO decided to rework the high-profile IT outsourcing deal it had struck with IBM Global Services and AT&T. The IT team worked with the vendors to get the relationship and the deal back on course.
 
Apple has acquired Locationary, a start-up based in Toronto that provides a platform for aggregating and managing local business listings.
 
MongoDB 'conn' Mongo Object Remote Code Execution Vulnerability
 
SEC Consult SA-20130719-0 :: Multiple vulnerabilities in Sybase EAServer
 
The ability to carry a Windows 8 image on a USB stick, plug it into any Windows 8 PC and separate corporate and personal data should appeal to anyone who frequently travels or simply hates lugging a laptop around. But Windows to Go isn't catching on. Will Windows 8.1 change that?
 
Western Digital My Net N600, N750, N900 and N900C - Plain text disclosure of administrative credentials
 
DeepSec 2013 - Call for Papers - REMINDER
 
[SECURITY] [DSA 2724-1] chromium-browser security update
 
Verizon Wireless Network Extender Multiple Local Privilege Escalation Vulnerabilities
 
Joomla! Googlemaps Plugin Multiple Remote Security Vulnerabilities
 
Panasonic and its subsidiary Sanyo have agreed to plead guilty to price fixing conspiracies involving laptop battery cells and automotive parts. They will pay a total of $56.5 million in criminal fines, the U.S. Department of Justice (DoJ) said.
 
JBoss RichFaces CVE-2013-2165 Remote Code Execution Vulnerability
 
Microsoft .NET Framework CVE-2013-3171 Remote Privilege Escalation Vulnerability
 
Microsoft .NET Framework CVE-2013-3133 Remote Privilege Escalation Vulnerability
 
Microsoft Silverlight Null Pointer CVE-2013-3178 Remote Code Execution Vulnerability
 

South Korea confronts uphill battle against hackers
The Korea Herald
“The existing security solutions cannot block APT attacks, so we need a new protection system,” said Shin Soo-jung, CEO of information security firm Infosec Co. Amid growing concerns over cyber security, the Korean government announced a comprehensive ...

 
QNAP's TS-669L can store all your content and play it directly to your TV, though HD playback could be smoother
 
Cellphone users have a reasonable expectation of privacy in their cellphone location information, and police must obtain a search warrant before accessing that information, the Supreme Court of New Jersey ruled Thursday.
 
Google fixed one Wi-Fi security problem with its wearable computer Glass, but Symantec says there's another problem, which has been a long-known weakness in wireless networking.
 
Best Buy has discounted some MacBook Pro laptops by as much as $200, and offered college students another $100 off in a promotion that may hint at impending refreshes of Apple's signature notebook.
 
Microsoft's Business Division, the company's biggest money maker for 10 out of the last 11 quarters thanks to its Office cash cow, was not immune to the historic decline in PC sales.
 
Microsoft Internet Explorer CVE-2013-3162 Memory Corruption Vulnerability
 
Microsoft Internet Explorer CVE-2013-3146 Memory Corruption Vulnerability
 
Microsoft Internet Explorer CVE-2013-3152 Memory Corruption Vulnerability
 
Luke Owen liked working at Rackspace, but he really appreciated the camaraderie he had with some of his fellow employees. They had some ideas about creating a business.
 
StatusNet Multiple SQL Injection Vulnerabilities
 

This week fellow handler Chris posted about gathering intelligence from blog spam, and the SANS ISC has posted a number of times about cyber intelligence as a valuable resource. As you should all know by now, Russ may have posted on his blog about CIF, the Collective Intelligence Framework.

Out of the box, and with only a little configuration, CIF links with a number of automatically ingested intelligence feeds, including some from the SANS ISC.

So, once you have gathered all this open source intelligence, one of the powers of CIF is that you can produce SNORT rules, IPTABLES rules, etc. from it, but that is only the start.

MITRE has this year released definitions for STIX, TAXII and CYBOX to aid in this space, to allow analysts to describe and transfer cyber intelligence from place to place, from peer organisation to peer organisation, or indeed from cyber intelligence hub to their members. There are other ways this has been defined, and IODEF is one of those.

So, what is the next step? Assuming you have implemented some sort of automated intelligence gathering operation, you will now have a database or similar full of actionable information. How do you apply that to your organisation, and how do you enrich that information to make it truly actionable intelligence?

The next step is to bolt into (or implement, if you have not already) the automation you have in place within your organisation to search your security logs for potential hits for these indicators.

Examples here can include utilising the SPLUNK! API to automate the searches for C2 indicators, or other searches across your logs using regex of the data you have collected. A good open source example of this is using MalwareSigs to provide regular jobs you can run to search for badness.

So, once your searches have found hits, what do you do with them? You should certainly automate as many of your processes as possible, or at least make them as light-touch as possible. IPs and domains which intelligence shows as highly likely to be malicious could be blocked or recategorised automatically, with the understanding that the intelligence is not always 100% accurate and that blocking may have an impact.

Which other examples can you think of which would allow the automation of intelligence-led analysis to relieve you, your team members and your organisation from what will become the Cyber Intelligence Tsunami?

 

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
The H is closing its doors four and a half years after heise online UK was redesigned as an open source and security news and features web destination.
    


 

They won't hack me
Crain's Cleveland Business (blog)
One of the reasons we in Infosec hear most often as to why smaller businesses don't make security more of a priority is that their data isn't interesting enough to steal. Perhaps your widgets are (in your estimation) in a niche that, while lucrative ...

 
Google Chrome CVE-2013-2871 Use After Free Remote Code Execution Vulnerability
 
Google Chrome CVE-2013-2875 Out of Bounds Memory Corruption Vulnerability
 
Google Chrome CVE-2013-2876 Security Bypass Vulnerability
 
Google Chrome CVE-2013-2880 Multiple Unspecified Security Vulnerabilities
 


New DDoS attacks launched, targeting online newspapers
VietNamNet Bridge
According to CMC Infosec, a security firm, while considering the measures to fight against the DDoS attacks to online newspapers recently, internet security agencies found the malware pieces that created botnets, and discovered a malicious piece called ...

 
Internet Storm Center Infocon Status