Hackin9
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Credit and debit card information belonging to customers who did business at 51 UPS Store Inc. locations in 24 U.S. states this year may have been compromised.
 
Is social media in general and Twitter in particular speeding up the news cycle?
 
The UPS Store said Wednesday that malicious software was found on the systems of 51 of its franchises in 24 U.S. states, although no fraud has been detected yet.
 
Generic Android tablets with 7-inch screens and quad-core chips that deliver decent performance could soon sell for under $35.
 
Hewlett-Packard reported a slight uptick in revenue for the second calendar quarter as its PC sales increased.
 

Dozens of UPS stores across 24 states, including California, Georgia, New York, and Nebraska, have been hit by malware designed to suck up credit card details. The UPS Store, Inc., is a subsidiary of UPS, but each store is independently owned and operated as a licensed franchisee.

In an announcement posted Wednesday to its website, UPS said that 51 locations, or around one percent of its 4,470 franchised stores across the country, were found to have been penetrated by a “broad-based malware intrusion.” The company recorded approximately 105,000 transactions at those locations, but does not know the precise number of cardholders affected.

UPS did not say precisely how such data was taken, but given the recent breaches at hundreds of supermarkets nationwide, point-of-sale hacks at Target, and other major retailers, such systems would be a likely attack vector. Earlier this month, a Wisconsin-based security firm also reported that 1.2 billion usernames and passwords had been captured by a Russian criminal group.


 
When President Barack Obama takes executive action on immigration, he's expected to give final approval to a rule allowing spouses of H-1B visa holders, now barred from working in the U.S., to get jobs.
 

In early July, a group of cyber criminals released a modified version of the Gameover ZeuS banking trojan, using a technique known as a domain generation algorithm (DGA) to make disrupting the botnet more difficult.

But the same technique has made it easier for researchers to track the botnet's activity, and they watched as it quickly grew from infecting hundreds of initial systems to 10,000 systems in two weeks. Then a funny thing happened: Gameover ZeuS stopped growing. Now, almost six weeks after researchers first detected signs of the program, the group behind the botnet keeps the infections between 3,000 and 5,000 systems, according to security services firm Seculert.

The group undoubtedly wants to grow the botnet again because cyber crime is typically a game of large numbers. When a coalition of law enforcement officials and industry players took down the botnet in late May, it comprised some 500,000 to 1 million machines. Now they're laying low, Seculert CTO Aviv Raff told Ars.


 
There may be big expectations for the wearables market, but the reality is that until someone transforms the category -- Apple's the usual suspect -- it won't break out of a very small constituency.
 
Production of lithium-ion batteries capable of storing solar or wind-generated electricity will need to ramp up before homes and businesses can truly go off the grid.
 
The depletion of Internet addresses would seem to spell relief for aged routers that are struggling to deal with the Internet's growth, but the complicated interplay between those trends might cause even more problems.
 
It's part of your job to let your boss know honestly what you can and can't do. (Insider; registration required)
 
The R programming language is quickly gaining popularity over the traditional statistics packages such as SPSS, SAS and MATLAB, at least according to one data statistician who teaches the language.
 
RSA Archer GRC CVE-2014-0641 Unspecified Cross Site Request Forgery Vulnerability
 
EMC RSA Archer GRC CVE-2014-2517 Unspecified Privilege Escalation Vulnerability
 
RSA Archer GRC CVE-2014-0640 Unspecified Information Disclosure Vulnerability
 
EMC RSA Archer GRC CVE-2014-2505 Unspecified Remote Code Execution Vulnerability
 
IBM Rational Directory Server CVE-2014-3089 Local Information Disclosure Vulnerability
 
While many mobile device apps such as a calendar or collaboration tools are very handy and can improve productivity, they can also introduce vulnerabilities that can put sensitive data and network resources at risk. The National ...
 
Less than a day after the HTC One (M8) for Windows went on sale "exclusively" on Verizon Wireless, AT&T also said it will carry the new smartphone, too.
 
A typical intersection configuration.

Taking over a city’s intersections and making all the lights green to cause chaos is a pretty bog-standard Evil Techno Bad Guy tactic on TV and in movies, but according to a research team at the University of Michigan, doing it in real life is within the realm of anyone with a laptop and the right kind of radio. In a paper published this month, the researchers describe how they very simply and very quickly seized control of an entire system of almost 100 intersections in an unnamed Michigan city from a single ingress point.

The exercise was conducted on actual stoplights deployed at live intersections, "with cooperation from a road agency located in Michigan." As is typical in large urban areas, the traffic lights in the subject city are networked in a tree-type topology, allowing them to pass information to and receive instruction from a central management point. The network is IP-based, with all the nodes (intersections and management computers) on a single subnet. In order to save on installation costs and increase flexibility, the traffic light system uses wireless radios rather than dedicated physical networking links for its communication infrastructure—and that’s the hole the research team exploited.

Wireless security? What's that?

The systems in question use a combination of 5.8GHz and 900MHz radios, depending on the conditions at each intersection (two intersections with a good line-of-sight to each other use 5.8GHz because of the higher data rate, for example, while two intersections separated by obstructions would use 900MHz). The 900MHz links use "a proprietary protocol with frequency hopping spread-spectrum (FHSS)," but the 5.8GHz version of the proprietary protocol isn’t terribly different from 802.11n.


 
Baidu Spark Browser Stack Overflow Denial of Service Vulnerability
 
IBM WebSphere Application Server CVE-2014-0965 Unspecified Information Disclosure Vulnerability
 
RiverBed Stingray Traffic Manager Virtual Appliance Cross Site Scripting Vulnerability
 
LinuxSecurity.com: Updated kernel-rt packages that fix multiple security issues and one bug are now available for Red Hat Enterprise MRG 2.5. Red Hat Product Security has rated this update as having Important security...
 
LinuxSecurity.com: Security Report Summary
 
LinuxSecurity.com: Updated openstack-neutron packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. Red Hat Product Security has rated this update as having Moderate security...
 
LinuxSecurity.com: Several security issues were fixed in OpenJDK 7.
 
Cacti Multiple Unspecified Security Vulnerabilities
 

The muse for this diary is far from hot off the press. Many of you may have already come across the click-through scam on Facebook reporting a video recording taken of Robin Williams moments before his death.

In case you had not heard, Robin Williams is a popular American movie actor and entertainer who recently took his own life at the young age of 63. The general public's open expression of grief for his passing has given some evildoers an opening to take advantage of human emotion.

Snopes.com has a write-up on this scam. [1] I can offer a couple of details on it.
An image like this one will show up in your Facebook feed enticing you to click to view the video of Robin Williams.



Once the link is clicked, it will again bait the user to fill out a survey and provide some information (PII).
The following image is the next step.


 

Clicking through this type of scam opens a list of vectors for the user to be exploited. So please beware, educate your family, friends, and co-workers.

Let this also be a wake-up call for other soft spots. The ALS Ice Bucket challenge is a viral marketing success that could easily be exploited. So don't always trust, and don't always feel the need to meet your curiosity.

Safe clicking.

 
[1] http://www.snopes.com/computer/facebook/robinwilliams.asp

 

Cacti Multiple Cross Site Scripting Vulnerabilities
 
Review Board CVE-2014-5027 Unspecified Cross Site Scripting Vulnerability
 

Posted by InfoSec News on Aug 20

http://defensesystems.com/articles/2014/08/15/drones-can-hack-wifi-networks.aspx

By George Leopold
Defense Systems
Aug 15, 2014

The next major network security threat could come from the sky, in the
form of drones equipped with video cameras and the ability to sniff out
mobile devices and their unique identifiers, perhaps even establishing
rogue network access points in the sky that could be used to hack
sensitive government or corporate...
 
Microsoft Windows Installer Service CVE-2014-1814 Local Privilege Escalation Vulnerability
 
OpenStack Neutron CVE-2014-3555 Denial of Service Vulnerability
 
WordPress WP Content Source Control Plugin 'download.php' Directory Traversal Vulnerability
 
CVE-2014-5307 - Privilege Escalation in Panda Security Products
 
CVE-2014-4973 - Privilege Escalation in ESET Windows Products
 
SQL Injection Vulnerability in ArticleFR
 
[SECURITY] [DSA 3007-1] cacti security update
 

Posted by InfoSec News on Aug 20

Cyber Security EXPO is a new event for everybody wanting to protect their
organisation from the increasing commercial threat of 21st century
cyber-attacks. The challenge of securing corporate data and networks to
mitigate risk is greater than ever, so Cyber Security EXPO has been
designed to include the following themes - Internet & Network Security,
Cyber Crime, Log Data & Advanced Analytics, Identity & Access Management,...
 

Posted by InfoSec News on Aug 20

http://www.timesofisrael.com/crooks-turn-war-torn-syria-into-cyber-battlefield/

By David Shamah
The Times of Israel
August 20, 2014

Syrian hackers, known best for their attacks on vital sites in Israel, the
US, and Europe, are turning on their own people, taking advantage of their
fears about the devastating civil war around them.

The Syrian Electronic Army, an outfit that has gained fame for its hacks
of government and defense websites, is...
 

Posted by InfoSec News on Aug 20

http://www.csoonline.com/article/2466726/data-protection/heartbleed-to-blame-for-community-health-systems-breach.html

By Steve Ragan
CSO
Aug 19, 2014

According to a blog post from TrustedSec, an information security
consultancy in Ohio, the breach at Community Health Systems (CHS) is the
result of attackers targeting a flaw in OpenSSL, CVE-2014-0160, better known
as Heartbleed.

The incident marks the first case Heartbleed has been linked to an...
 
Microsoft Windows Kernel 'Win32k.sys' CVE-2014-0318 Local Privilege Escalation Vulnerability
 
Deutsche Telekom CERT Advisory [DTC-A-20140820-001] check_mk vulnerabilities
 
ICETC2014 - IEEE Extended Submission until Aug. 28, 2014
 
[security bulletin] HPSBUX03095 SSRT101674 rev.1 - HP-UX running OpenSSL, Multiple Vulnerabilities
 
[security bulletin] HPSBUX03092 SSRT101668 rev.1 - HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
 
FFmpeg 'libavcodec/iff.c' Memory Corruption Vulnerability
 
FFmpeg 'libavcodec/proresenc_kostya.c' Buffer Overflow Vulnerability
 
HybridAuth 'install.php' Remote Code Execution Vulnerability
 
Sprint's new lower-priced shared data plan sounds ambitious, but analysts say it doesn't go far enough and won't address the carrier's network performance sore spot.
 
VMware's Virtual SAN 1.0 combines easy setup and management with high availability and high performance -- and freedom from traditional storage systems
 
Twitter said late Tuesday it will remove images and videos of deceased people upon the request of family members, but it put conditions on the policy.
 
A type of malware called Reveton, which falsely warns users they've broken the law and demands payment of a fine, has been upgraded with powerful password stealing functions, according to Avast.
 
Apple is working its way toward releasing OS X Mountain Lion 10.9.5, very likely the last non-security update for the 10-month old operating system.
 
Historically, cloud BI has been mostly used by smaller businesses, but larger enterprises are starting to make the trek.
 
Scientists at Northeastern University are using nanotechnology to find an effective treatment for the Ebola virus, which has killed more than 1,200 people, and sickened even more.
 

Posted by InfoSec News on Aug 20

http://healthitsecurity.com/2014/08/19/identifying-and-mitigating-healthcare-it-security-risks/

By Patrick Ouellette
Health IT Security
August 19, 2014

Being proactive in healthcare IT security means picking out risks before
incidents occur, not after the fact. But the challenge is that potential
risks are spread across a variety of areas within a healthcare
organization. Blair Smith, Ph.D. Dean, Informatics-Management-Technology
(IMT) at...
 
[security bulletin] HPSBMU03101 rev.1 - HP Asset Manager, CloudSystem Chargeback, running OpenSSL, Remote Disclosure of Information or Unauthorized Access
 
[security bulletin] HPSBMU03094 rev.1 - HP Connect-IT, running OpenSSL, Remote Disclosure of Information or Unauthorized Access
 
[Call For Papers] RiseCON - Rosario, Argentina
 
[security bulletin] HPSBUX03091 SSRT101667 rev.1 - HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
 