Hackin9
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Microsoft has released an emergency update to patch a security bug that allows attackers to remotely execute malicious code on computers running every supported version of Windows.

The critical vulnerability, which is present in all supported versions of Windows, involves the way the Windows Adobe Type Manager Library handles fonts that use Microsoft's OpenType format. The bug allows attackers to take complete control of vulnerable computers. Attackers can exploit it by luring targets to booby-trapped websites or by tricking a target into opening a malicious file.

There are no indications at the moment that the vulnerability is being actively exploited in the wild. Still, the unscheduled issuance on Monday is an indication that the chances of exploitation are high enough to merit installation as soon as possible.

 
Oracle MySQL Server CVE-2015-0499 Remote Security Vulnerability
 
Oracle MySQL Server CVE-2015-0505 Remote Security Vulnerability
 

iT News

Google joins chorus against infosec export controls proposal
iT News
Google has come out strongly against proposed new export control rules for exploits and software, arguing they could have a disastrous outcome and result in billions of users worldwide becoming less safe as security research is stymied. In a blog entry ...

 
Oracle MySQL Server CVE-2015-4737 Remote Security Vulnerability
 
Oracle MySQL Server CVE-2015-4752 Remote Security Vulnerability
 

Italian prosecutors have begun a criminal investigation of six former employees of the embattled company Hacking Team, according to a Reuters report citing anonymous sources.

Hacking Team was hacked two weeks ago and had its data published all over the Internet. The leaked cache includes hundreds of gigabytes of company e-mails as well as some of its source code; the police allegedly suspect the involvement of former company insiders.

According to Reuters, the new criminal inquiry is in addition to the fact that, before the hack, several former employees were being privately accused of allegedly violating their contracts and using secrets to benefit competitors.

 
Tidy 'tmbstr.c' Heap Based Buffer Overflow Vulnerability
 

Microsoft just released a special out-of-band security bulletin with a patch for a remote code execution vulnerability in Windows OpenType font drivers. The update replaces a patch released last week (MS15-077). Microsoft rates the vulnerability critical for all currently supported versions of Windows. Microsoft says in its bulletin that it had information that the vulnerability was public, but had no indication that it was actively exploited.

  • The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threats.

    ---
    Johannes B. Ullrich, Ph.D.

     
    Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
     
    [security bulletin] HPSBMU03377 rev.1 - HP Release Control running RC4, Remote Disclosure of Information
     

    Security firm Netragard has suspended its exploit acquisition program two weeks after it was found selling a potent piece of attackware to the Italian malware developer Hacking Team.

    Netragard has long insisted that it sold exploits only to ethical people, companies, and governments. An e-mail sent in March and leaked by one or more people who compromised Hacking Team networks, however, showed Netragard CEO Adriel Desautels arranging the sale of an exploit that worked against fully patched versions of Adobe's Flash media player. Hacking Team in turn has sold surveillance and exploit software to a variety of repressive governments, including Egypt, Sudan, and Ethiopia.

    "Our motivation for termination revolves around ethics, politics, and our primary business focus," Desautels wrote in a blog post published Friday. "The Hacking Team breach proved that we could not sufficiently vet the ethics and intentions of new buyers. Hacking Team unbeknownst to us until after their breach was clearly selling their technology to questionable parties, including but not limited to parties known for human rights violations."

     
    [security bulletin] HPSBUX03379 SSRT101976 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)
     
    LinuxSecurity.com:

    ## 7.x-2.8

    **See [SA-CONTRIB-2015-130](https://www.drupal.org/node/2516678)**

    **Features and enhancements**

    * Issue #2379289: migrate-import --update does not seem to work as expected, if map is not joinable, due to highwater field?
    * Issue #2403643: Migration::applyMappings() unable to handle multifield subfields
    * Issue #2472045: Add language subfields only if field is translatable
    * Issue #2474809: Obtuse error message when migration dependencies are missing
    * Issue #2397791: MigrationBase::handleException should handle multiple errors via field_attach_validate()
    * Issue #2309563: Add support for running migrations via wildcard name
    * Issue #2095841: Add MigrationBase methods to enable/disable mail system.
    * Issue #2419373: Performance improvement when using Source migrations in combination with MigrateSQLMap
    * Issue #2141687: Make error messages include more information when migrating files

    **Bug fixes**

    * Field sanitization added to prevent possibility of XSS - see security advisory https://security.drupal.org/node/155268.
    * Issue #2447115: Mapping editor does not properly save XML mappings
    * Issue #2497015: Remapping taxonomy terms breaks term reference import on dependant migrations
    * Issue #2488560: MigrateSourceList and MigrateSourceMultiItems getNextRow() stops after only one iteration
    * Issue #2446105: Source fields getting reset as "do not migrate" after mapping and saving
    * Issue #2415977: /tmp is hard-coded in migrate_ui
    * Issue #2475473: Drush idlist option broken
    * Issue #2465387: Unknown option: --stop during migrate-import via Drush

    **Important: If you are upgrading from Migrate 2.5 or earlier**

    Migration developers will need to add the "advanced migration information" permission to their roles to continue seeing all the info in the UI they're used to.

    Auto-registration (having classes be registered just based on their class name, with no call to registerMigration or definition in hook_migrate_api()) is no longer supported. Registration of classes defined in hook_migrate_api() is no longer automatic - do a drush migrate-register or use the Register button in the UI to register them.

    Migration class constructors should now always accept an $arguments array as the first parameter and pass it to its parent. This version does support legacy migrations which pass a group object, or nothing, but these methods are deprecated.
     
    LinuxSecurity.com: Update to upstream 1.3.2, which includes fix for CVE-2015-1852. Update to upstream 1.3.1 + S3token incorrect condition expression for ssl_insecure CVE-2015-1852
     
    LinuxSecurity.com:

    ## 7.x-3.3

    **See [SA-CONTRIB-2015-131](https://www.drupal.org/node/2516688)**

    **Changes since 7.x-3.2:**

    * Fix security vulnerability, by AdamPS.
    * Remove an entity_label() workaround that core no longer needs.
    * Issue #2427381 by axel.rutz: Rules component lacks entity type
    * Issue #2418751 by anrikun: Archive action fails silently
    * Issue #2318273 by bojanz, PascalAnimateur: Added Hide action links from confirmation pages.
    * Issue #2364849 by rudiedirkx: Fixed Don't export unselected actions.
    * Issue #1817978 by ofry, samalone: Fixed Undefined index: triggers in flag_flag->get_valid_actions() .
    * Issue #2341283 by JvE: Fixed views_bulk_operations_cron says 1 day but uses 10 days.
    * Issue #2345667 by PascalAnimateur: Fixed Translate properties / available tokens titles.
    * Issue #2312547 by bennybobw, lmeurs: Fixed Broken view titles, they often only display a < character.
    * Issue #2317867 by Chi: Fixed Make tokens fieldset title translatable.
    * Issue #2173259 by Garrett Albright, my-family: Fixed Confirmation message not visible.
    * Issue #2305999 by gcb: Fixed Inaccurate Position -> Total being passed to action with Views 3.8.
    * Clean up previous patch.
    * Issue #1781704 by juampy: Added Make the ability to click on a row and activate the checkbox optional.
    * Issue #2254871 by jorisdejong: Fixed No default action behavior set in getAccessMask().
    * Issue #2280213: Make the OR string in theme_views_bulk_operations_select_all() translatable.
    * Issue #1618474 followup by acbramley: Hide operations selector & checkboxes if no operation available.
    * Issue #2192775 by Berdir: views_bulk_operations_load_action_includes() uses relative path in include_once
     
    LinuxSecurity.com: xl command line config handling stack overflow [XSA-137, CVE-2015-3259]
     
    LinuxSecurity.com: Security fix for CVE-2015-4645 / CVE-2015-4646
     
    LinuxSecurity.com: Security Report Summary
     
    LinuxSecurity.com: Multiple vulnerabilities have been found in PostgreSQL, the worst of which could result in execution of arbitrary code or privilege escalation.
     

    Ashley Madison, an online dating website that specifically targets people looking to have an affair, has been hacked by a group that calls itself Impact Team. A cache of data has been released by the Impact Team, including user profiles, company financial records, and "other proprietary information." The company's CEO, Noel Biderman, confirmed with KrebsOnSecurity that they had been hacked, but did not speak about the extent of the breach.

    The Impact Team claims to have a "complete set of profiles" from the Ashley Madison user database, though so far it appears to only have released a small number of them. The hackers seem to have taken umbrage at both the concept of the site—the site's slogan is "Life is short. Have an affair."—and also the site's "full delete" feature. Ashley Madison charges users $19 (£12) to completely erase their profile, but the hackers claim that the user's details aren't actually deleted.

    Along with some user profiles, Impact Team also released some internal network maps, employee details and salary information, and company bank account data.

     
    [SECURITY] [DSA 3311-1] mariadb-10.0 security update
     
    [SECURITY] [DSA 3310-1] freexl security update
     
    [SECURITY] [DSA 3309-1] tidy security update
     
    [SECURITY] [DSA 3308-1] mysql-5.5 security update
     
    [slackware-security] php (SSA:2015-198-02)
     
    [slackware-security] httpd (SSA:2015-198-01)
     
    AirDroid ID - Client Side JSONP Callback Vulnerability
     
    FoxyCart Bug Bounty #1 - Filter Bypass & Persistent Vulnerability
     
    UDID+ v2.5 iOS - Mail Command Inject Vulnerability
     

    Continuing my diary entries on Sysinternals tools with VirusTotal support, I

    Sigcheck also supports VirusTotal searches. When you use option -v, the hash of the file will be submitted to VirusTotal. The first time you run it, you'll have to accept VirusTotal

    If a hash is not present in VirusTotal

    As can be seen from this last screenshot, files without digital signature are also checked with VirusTotal.

    Sysinternals: http://technet.microsoft.com/en-us/sysinternals

    VirusTotal: https://www.virustotal.com/

    Didier Stevens
    Microsoft MVP Consumer Security
    blog.DidierStevens.com DidierStevensLabs.com

     
    Internet Storm Center Infocon Status