(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The eighth SANS SCADA Summit finished in Orlando seven days ago. The conferences were really great, and it was a good opportunity to see that I am not the only CISO having trouble developing and implementing an information security program for the ICS world of the company. The most important conclusions I brought back are:

Operators and professionals from the industrial world care only about the process: they want it efficient, reliable, available all the time and simple. When we, the security people, try to implement control measures to keep risks from materializing, we need to preserve all those attributes of the process. Keep in mind that if our controls do not improve the ICS process, the business won't let us do anything and will prefer to suffer the risk materializing rather than let us try to avoid it.

Compliance is a consequence of implementing a good security program. Choose a good framework to implement and begin working. Examples of such frameworks are:

ISA-99 / IEC 62443 (Industrial Automation and Control Systems Security)

The 20 Critical Security Controls

NIST SP 800-82, Guide to Industrial Control Systems (ICS) Security

CFATS (Chemical Facility Anti-Terrorism Standards)

As you definitely need to avoid increasing the complexity of SCADA system operation, you cannot allow your operators irregular access to resources outside the Industrial Control System (ICS) network. That means no reading e-mail and no Internet access from the same computer where a Human-Machine Interface (HMI) is installed. They can always use other computers that have access to the IT world.

As I stated, the ICS people care only about their process and tend to disregard anything that might cause problems or make them feel they are doing their work more slowly. Therefore, a strong awareness campaign is needed, pointing to strong motivations like cyberterrorism and risks that have already materialized against SCADA and ICS systems.

Firewalls are good but not enough to protect SCADA and ICS systems from risk. You need to add other controls like SCADA application whitelisting, Host Intrusion Prevention Systems, Network Intrusion Prevention Systems and patch management.

Patch the unpatched vulnerabilities of your SCADA and ICS systems. If for some reason the product cannot be patched, take another approach, such as the compensating controls above, to lower the risk to the minimum possible value.
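One way to make the HMI segmentation rule concrete, and to act on the point that a firewall alone is not enough (including as a compensating control for a system that cannot be patched), is to read the firewall's own logs and report every flow that the control-zone policy should never permit: an HMI talking to a mail server or a public DNS resolver, a corporate host reaching a controller, or an unexpected service between two control-zone hosts. The checker below is an added example and is not code from the diary or from SANS; the subnets, host roles, ports and the log line format are assumptions chosen for illustration.

```python
"""Flag control-network hosts that talk outside the ICS zone.

Added example for the diary's segmentation and compensating-control
points; it is not code from the diary or from SANS. Subnets, host
roles, ports and the log line format are assumptions made for
illustration.
"""
import ipaddress
import re
from dataclasses import dataclass

# Assumed addressing (constructed for this example).
ICS_ZONE = ipaddress.ip_network("10.50.0.0/16")    # whole control network
HMI_NET = ipaddress.ip_network("10.50.10.0/24")    # operator workstations
PLC_NET = ipaddress.ip_network("10.50.20.0/24")    # controllers
HISTORIAN = ipaddress.ip_network("10.50.30.5/32")  # historian server

# Explicit allow-list of intra-zone conversations: (src, dst, proto, dport).
# Any other flow that touches the ICS zone is reported.
ALLOW = [
    (HMI_NET, PLC_NET, "tcp", 502),      # Modbus/TCP polling
    (HMI_NET, PLC_NET, "tcp", 20000),    # DNP3
    (HMI_NET, HISTORIAN, "tcp", 1433),   # historian database (assumed port)
]

# Assumed key=value firewall log format.
LOG_RE = re.compile(
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\S+) dport=(?P<dport>\d+)"
)


@dataclass
class Flow:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    proto: str
    dport: int


def parse_line(line):
    """Return a Flow for a firewall log line, or None if it does not match."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return Flow(ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"]),
                m["proto"].lower(), int(m["dport"]))


def classify(flow):
    """Return None if the flow is acceptable, else a short reason string."""
    src_in, dst_in = flow.src in ICS_ZONE, flow.dst in ICS_ZONE
    if not src_in and not dst_in:
        return None                     # corporate traffic, out of scope here
    if src_in and not dst_in:
        return "egress from ICS zone"   # e-mail, web, DNS from an HMI
    if dst_in and not src_in:
        return "ingress into ICS zone"  # corporate host reaching a controller
    for src_net, dst_net, proto, dport in ALLOW:
        if (flow.src in src_net and flow.dst in dst_net
                and flow.proto == proto and flow.dport == dport):
            return None
    return "intra-zone flow not on allow-list"


def check_flows(lines):
    """Return one (line, reason) tuple per violating log line, in order."""
    violations = []
    for line in lines:
        flow = parse_line(line)
        if flow is None:
            continue
        reason = classify(flow)
        if reason:
            violations.append((line.strip(), reason))
    return violations


# Constructed sample log in the assumed format; not real traffic.
SAMPLE_LOG = """\
2013-02-20T10:01:02 src=10.50.10.7 dst=10.50.20.3 proto=tcp dport=502 action=allow
2013-02-20T10:01:05 src=10.50.10.7 dst=8.8.8.8 proto=udp dport=53 action=allow
2013-02-20T10:01:09 src=10.50.10.7 dst=10.1.5.20 proto=tcp dport=25 action=allow
2013-02-20T10:01:12 src=10.50.10.8 dst=10.50.30.5 proto=tcp dport=1433 action=allow
2013-02-20T10:01:20 src=10.1.7.3 dst=10.50.20.3 proto=tcp dport=502 action=allow
2013-02-20T10:01:31 src=10.50.10.8 dst=10.50.20.3 proto=tcp dport=80 action=allow
2013-02-20T10:01:40 src=10.1.7.3 dst=10.1.8.9 proto=tcp dport=443 action=allow
"""

if __name__ == "__main__":
    # Four of the seven sample lines violate the assumed policy.
    for line, reason in check_flows(SAMPLE_LOG.splitlines()):
        print(f"{reason:34s} {line}")
```

Note that every sample line carries action=allow: the point is that the firewall permitted all of them, and only a policy that knows which conversations are legitimate inside the control zone (HMI to PLC on Modbus or DNP3, HMI to historian) reveals the HMI resolving a public DNS name, the HMI sending mail, the corporate host polling a controller, and the HTTP connection nobody expected between two control-zone hosts.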

Include the ICS environment in your information security risk matrix. You need to start bringing it under your controls. Otherwise, information security risks to your SCADA/ICS will become unmanageable.

SCADA/ICS systems manage critical infrastructure and could be targeted by any irregular and illegal group. For all of us who work for companies where SCADA/ICS systems are vital to the business, they will become the most important information asset to protect, as they could be used to destroy all the assets that ensure the company's future revenue.

Manuel Humberto Santander Peláez

SANS Internet Storm Center - Handler



e-mail: msantand at isc dot sans dot org