(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Dell has become a member of the Alliance for Wireless Power, an indication that the company is eyeing the technology for some of its products.
LaCie has increased the storage capacity of its 5big external storage product to 25TB.
The White House will launch new efforts aimed at combating abusive patent lawsuits, including a website to assist defendants of patent lawsuits brought by so-called patent trolls.
Companies that move the bulk of their IT operations to cloud services can end up realizing significant overall cost savings, according to a study by analyst firm Computer Economics.
Abobe planned to release an emergency update for Flash Player on Thursday, after security vendor FireEye pointed to a zero-day exploit used by attackers to target visitors to websites of three nonprofits, two of which focus on national security and public policy.
Just when it appeared to be over, a public battle of words between senior executives at BlackBerry and T-Mobile USA has reignited.
Google has backtracked from changes that made Chrome's scrollbar non-standard, a move that infuriated some users a month ago when the company rolled out Chrome 32.
Facebook may be shelling out $19 billion in cash and stock for the messaging company WhatsApp to stanch the departure of younger users from the social network.

Adobe has released security advisory APSB14-07 which is an update for Adobe Flash Player versions and prior. It impacts both Windows and Mac versions, and those on Linux prior to

It addresses CVE-2014-0502 which is being exploited in the wild, and Adobe say you should update asap!

Details are available on the Adobe site.

Steve Hall

ISC Handler


(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Mozilla Thunderbird/Seamonkey CVE-2013-6674 HTML Injection Vulnerability
Google today upgraded Chrome to version 33, fulfilling its promise to block more add-ons in the Windows browser and quashing 28 bugs.
Joyent wants to bring Linux into its fold of advanced computing cloud services, and has started offering an enterprise-supported version of the Canonical Ubuntu distribution that has been modified to take advantage of Joyent's infrastructure.
Scientists at the Lawrence Livermore National Laboratory are using nanotechnology to create clothing designed to protect U.S. soldiers from chemical and biological attacks.

Adobe has released an emergency update for its widely used Flash Player to combat active attacks that exploit a previously unknown security bug that hackers are actively exploiting to surreptitiously install malware on end-user computers.

The vulnerability, which affects the latest versions of Flash, was being exploited in drive-by attacks on the websites of at least three nonprofit organizations, according to a blog post published Thursday by researchers from security firm FireEye. Two of the institutions—the Peter G. Peterson Institute for International Economics and the Smith Richardson Foundation—focus on matters of national security and public policy. The targets, combined with the technical signatures of the attacks themselves, have led researchers to suspect that the attackers are the same ones behind similar campaigns from 2012. The FireEye researchers wrote:

This threat actor clearly seeks out and compromises websites of organizations related to international security policy, defense topics, and other non-profit sociocultural issues. The actor either maintains persistence on these sites for extended periods of time or is able to re-compromise them periodically.

This actor also has early access to a number of zero-day exploits, including Flash and Java, and deploys a variety of malware families on compromised systems. Based on these and other observations, we conclude that this actor has the tradecraft abilities and resources to remain a credible threat in at least the mid-term.

The vulnerability, which is indexed as CVE-2014-0502 under the common vulnerabilities and exposure system, allows attackers in certain cases to execute malicious code by overwriting the virtual function table pointer of a Flash object. In a testament to the growing effectiveness of modern exploit mitigation techniques, a protection known as address space layout randomization (ASLR) prevents the exploit from working on the vast majority of machines. ASLR vastly decreases the chances that a remote-code-execution attack will succeed by loading downloaded scripts in a different memory location each time the computer is rebooted. The attackers behind the campaign discovered by FireEye found a way to bypass ASLR on computers running older software. Specifically, PCs running Windows XP, Windows 7 with the now-unsupported 1.6 version of Oracle's Java, and Windows 7 with a now out-of-date version of Office 2007 or Office 2010 don't benefit from the protection of ASLR.

Read 2 remaining paragraphs | Comments


libtar Multiple Arbitrary File Overwrite Vulnerabilities
Microsoft Internet Explorer CVE-2014-0285 Memory Corruption Vulnerability
Cisco Unified Computing System 'copy' Command Local Privilege Escalation Vulnerability
Mozilla Firefox/SeaMonkey CVE-2014-1489 Security Vulnerability
LinuxSecurity.com: A vulnerability was reported in Python's socket module, due to a boundary error within the sock_recvfrom_into() function, which could be exploited to cause a buffer overflow. This could be used to crash a Python application that uses the socket.recvfrom_info() function or, possibly, execute arbitrary code with the permissions of the user [More...]
LinuxSecurity.com: Robert Scheck discovered multiple vulnerabilities in Zarafa that could allow a remote unauthenticated attacker to crash the zarafa-server daemon, preventing access to any other legitimate Zarafa users (CVE-2014-0037, CVE-2014-0079). [More...]
LinuxSecurity.com: Several security issues were fixed in Thunderbird.
LinuxSecurity.com: USN-2102-1 introduced a regression in Firefox.
LinuxSecurity.com: Updated gnutls packages fix security vulnerability: Suman Jana reported a vulnerability that affects the certificate verification functions of gnutls 3.1.x and gnutls 3.2.x. A version 1 intermediate certificate will be considered as a CA certificate [More...]
LinuxSecurity.com: Updated tomcat6 packages fix security vulnerabilities: It was discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw to cause the Tomcat server to stop responding, resulting [More...]
LinuxSecurity.com: New kernel packages are available for Slackware 14.1 (64-bit) to fix a security issue. [More Info...]
LinuxSecurity.com: Updated mariadb55-mariadb packages that fix several security issues are now available for Red Hat Software Collections 1. The Red Hat Security Response Team has rated this update as having moderate [More...]
LinuxSecurity.com: New gnutls packages are available for Slackware 14.0, 14.1, and -current to fix a security issue. [More Info...]
LinuxSecurity.com: New mariadb and mysql packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. [More Info...]
LinuxSecurity.com: A directory traversal attack was reported against libtar, a C library for manipulating tar archives. The application does not validate the filenames inside the tar archive, allowing to extract files in arbitrary path. An attacker can craft a tar file to override files beyond the tar_extract_glob and tar_extract_all prefix parameter [More...]
LinuxSecurity.com: GNU Midnight Commander does not properly sanitize environment variables, possibly resulting in execution of arbitrary code or Denial of Service.
Microsoft .NET Framework CVE-2014-0295 ASLR Security Bypass Vulnerability
Microsoft .NET Framework CVE-2014-0253 Remote Denial of Service Vulnerability
Jenkins 'Description' Feild HTML Injection Vulnerability
Microsoft today rebranded its browser-based Office Web Apps, stripped-down versions of Word, Excel, PowerPoint and OneNote, as Office Online.
Flash storage can be a big power consumer in mobile devices, but it's not the flash that sucks up all that energy, it's the software that goes with it, according to researchers from the University of California at San Diego and Microsoft.
Android & iOS Hands-on Exploitation at SyScan 2014
[ MDVSA-2014:045 ] libtar

The scale and grandeur of the Winter Olympics in Sochi is estimated to have cost Russia an astronomical $46 billion. Two of its key telecom partners, Rostelecom and Megafon, pledged less than one percent: about $415 million total. But was that enough to turn a mountainous subtropical resort into a world-class connected site, with full LTE coverage for the first time in the Olympics' history? And perhaps more importantly, what behind-the-scenes technology keeps the Olympics running securely?

You've probably heard multiple accounts of everyday life horrors in Sochi, such as missing bulbs in hotel rooms, weird bathrooms, and dangerous manholes. But complaints about the cell coverage, Wi-Fi quality (even if it was provided that way), and overall connectivity have been nearly indiscernible in the Olympic buzz.

Digital surveillance fears, however, lingered across the board.

Read 28 remaining paragraphs | Comments


Multiple Linksys Devices Multiple Remote Code Execution Vulnerabilities
MaraDNS CVE-2014-2032 Remote Denial of Service Vulnerability
PathSolutions' TotalView provides a path-oriented view into network problems and acts as a superb companion to your traditional network monitoring system
Cisco Systems has released security updates to fix serious vulnerabilities in a range of products including its Intrusion Prevention System, Unified Computing System Director, Unified SIP Phone 3905 and Firewall Services Module products.
SQL Injection in AdRotate
[slackware-security] kernel (SSA:2014-050-03)
[slackware-security] mariadb, mysql (SSA:2014-050-02)
[HITB-Announce] Haxpo CFP

Infosec startup Ionic Security raises $25.5M from Google, Kleiner
Atlanta Business Chronicle (blog)
Infosec startup Ionic Security raises $25.5M from Google, Kleiner. Cloud wowed: Tom Noonan, from left, Ionic founder Adam Ghetti and Ionic CEO. Enlarge. Byron E. Small. Cloud wowed: Tom Noonan, from left, Ionic founder Adam Ghetti and Ionic CEO Steve ...

Percona Toolkit for MySQL Automatic Version Check Information Disclosure Vulnerability
[ MDVSA-2014:044 ] zarafa
Cisco Security Advisory: Unauthorized Access Vulnerability in Cisco Unified SIP Phone 3905
Cisco Security Advisory: Multiple Vulnerabilities in Cisco IPS Software
Microsoft on Wednesday issued a stopgap defense that protects IE9 and IE10 against ongoing attacks until the company issues a patch, probably in three weeks.
A small protest at Bitcoin exchange Mt. Gox in Tokyo marked seven days on Thursday, with demonstrators saying they want to ensure their bitcoins are safe.
Ebay has acquired PhiSix Fashion Labs, a computer graphics startup that makes 3D models of clothing, in a bid to offer customers a virtual fitting room.
Microsoft Internet Explorer CVE-2014-0322 Use-After-Free Remote Code Execution Vulnerability
Cisco Security Advisory: Cisco UCS Director Default Credentials Vulnerability
Cisco Security Advisory: Cisco Firewall Services Module Cut-Through Proxy Denial of Service Vulnerability
[ MDVSA-2014:043 ] gnutls
Barracuda Message Archiver 650 - Persistent Web Vulnerability
Cisco Unified Communications Manager RTMT Information Disclosure Vulnerability

Microsoft has published a TechNet article detailing the availability of a "FixIt" for the current IE9/IE10 zero day which has been doing the rounds. Corporate users will presumably have to wait until the availability of the patch which Microsoft say will be released during the monthly patching cycle.

Microsoft released Advisory 2934088 : https://technet.microsoft.com/en-us/security/advisory/2934088

They have released a FixIt, another shim fix, that is available for download : https://support.microsoft.com/kb/2934088

Thanks to one of our regulars, and Swa for the overnight heads-up.


Steve Hall

ISC Handler 

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Posted by InfoSec News on Feb 20


By Gwen Ackerman
Feb 19, 2014

Israel's main power company opened a cyber "war room" this week to defend
its systems around the clock from hackers. Technicians at Israel Electric
will monitor as many as 400 million cyber-attacks and hacking attempts a

"There are hundreds of thousands of...

Posted by InfoSec News on Feb 20


By Sean Gallagher
Ars Technica
Feb 19 2014

In 2012, Iranian hackers managed to penetrate the US Navy's unclassified
administrative network, the Navy Marine Corps Intranet. While the attack was
disclosed last September, the scale of it was not -- the attack gave hackers
access to the NMCI for nearly four months, according to an...

Posted by InfoSec News on Feb 20


Feb 18, 2014

French aerospace engine maker Snecma, a unit of Safran, was attacked by
hackers who exploited a vulnerability in Microsoft Corp's Internet
Explorer, according to a computer security researcher.

It was not clear how successful the hackers had been in their efforts to
breach Snecma's network, according to the...

Posted by InfoSec News on Feb 20

Forwarded from: cfp2014 (at) recon.cx

RECON 2014 February 17th, 2014


- REcon 2014 is a computer security conference for reverse engineers,
hackers, and enthusiasts.

- This patent lays claim to all security conferences and gatherings of
hackers where 50%...

Posted by InfoSec News on Feb 20


By David Cenciotti
The Aviationist
Feb 17, 2014

"Train as you fight, fight as you train" has always been Red Flag's motto.

U.S. Air Force's main exercise has to prepare aircrew and support
personnel to fight modern war. In the air, on the ground, over the sea and
in the cyberspace.

For the first time, the recent Red Flag 14-1 at Nellis Air Force Base featured
Cisco Unified Communications Manager CAPF SQL Injection Vulnerability
Xen CVE-2013-2212 Local Denial of Service Vulnerability
Zarafa Collaboration Platform CVE-2014-0079 Denial of Service Vulnerability
Zarafa Collaboration Platform CVE-2014-0037 Denial of Service Vulnerability
Internet Storm Center Infocon Status