Google will retire its Checkout payment processing tool on Nov. 20, and warned retailers they will need to move to a different payment processing platform.
Sprint Nextel said it had received permission from SoftBank to negotiate a rival acquisition offer from Dish Network.
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
The Red Cross is using apps to help warn people about potential weather calamities. One of its more popular efforts is its new Tornado app.
Yahoo has made some radical changes to its Flickr photo sharing service, which now has a more photo-filled interface and comes with a free terabyte of storage so that users can upload images at their original resolution.

Trend Micro published a report last week on a spear-phishing emails campaign that contain a malicious attachment exploiting a Microsoft Office vulnerability (CVE-2012-0158).

This paper identified specific targets:

  • Government ministries
  • Technology companies
  • Media outlets
  • Academic research institutions
  • Nongovernmental organizations

According to the report, "While we have yet to determine the campaign’s total number of victims, it appears that nearly 12,000 unique IP addresses spread over more than 100 countries were connected to two sets of command-and-control (C&C) infrastructures related to Safe.[1]" Another fact of interest is the author of the malware is probably a professional software developer that reused legitimate source code from an Internet services company. Based on the information collected, they found "One key indicator that can be used to detect this network communication is the user-agent, Fantasia."[1] Additional information is available in the report.

If you have collected some malware matching this description, we would be interested to get some samples. You can submit them via our contact form.

[1] http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-safe-a-targeted-threat.pdf
[2] http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0158


Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Samsung will soon release its first Android tablet based on an Intel Atom processor, according to a source familiar with the plan, in what would be a vote of confidence for Intel chips in mobile devices.
Planview has updated the interface of its flagship project portfolio management (PPM) software to make it easier to navigate and appealing to a wider range of potential users.

The Chinese hackers who breached Google's corporate servers 41 months ago gained access to a database containing classified information about suspected spies, agents, and terrorists under surveillance by the US government, according to a published report.

The revelation came in an article published Monday by The Washington Post, and it heightens concerns about the December, 2009 hack. When Google disclosed it a few weeks later, the company said only that the operatives accessed Google "intellectual property"—which most people took to mean software source code—and Gmail accounts of human rights activists.

Citing officials who agreed to speak on the condition that they not be named, Washington Post reporter Ellen Nakashima said the assets compromised in the attack also included a database storing years' worth of information about US surveillance targets. The goal, according to Monday's report, appears to be unearthing the identities of Chinese intelligence operatives in the US who were being tracked by American law enforcement agencies.

Read 7 remaining paragraphs | Comments

Apple has set up three foreign subsidiaries that the company claims are not resident in any nation for taxing purposes, in an effort to avoid paying tens of billions of dollars in taxes to the U.S. and other countries, according to a new report from a U.S. Senate subcommittee.
Companies in search of workers with the most sought-after IT skills may be better off investing in training programs for current workers than hiring new employees, according to IDC
Yahoo has promised "not to screw up" Tumblr now that it has acquired the freewheeling blogging site. But there are still several ways Tumblr could get better, and worse, as a Yahoo-owned company.
Oracle Sun Products Suite CVE-2013-1530 Local Security Vulnerability
Windows 8 won't be adopted as a standard at your business anytime soon, according to a new Forrester report. But that doesn't mean IT shouldn't prepare for it to sneak through the BYOD side door. Here are five ways to be ready for Windows 8.

I put together a simple .deb package to install our DShield iptables client on Ubuntu. The package is our standard perl client to submit iptables logs, but it is pre-configured for Ubuntu 12.04 LTS. It will submit IPv4 as well as IPv6 logs. Please give it a try and let me know if you run into any issues. For details, see


use our contact form for feedback or send it directly to me at jullrich - at - sans.edu 

The client will install the perl script in /opt/dshield, and all configuration files in /etc/dshield. It will also add an hourly cron job to check /var/log/ufw.log for new logs and mail them to DShield. All parameters can still be further configured via /etc/dshield/dshield.cnf.

To submit logs, we recommend you setup an account. But if you would like to submit anonymous reports, just use "0" as userid.

Johannes B. Ullrich, Ph.D.
SANS Technology Institute

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
A boutique system builder has bucked the industry trend of slumping PC sales by continuing to focus on selling Windows 7 machines.
A recent intrusion on the computer network of Norwegian telecommunications company Telenor was the result of a large cyberespionage operation of Indian origin that for the past few years has targeted business, government and political organizations from different countries, according to researchers from security firm Norman Shark.
For the past several months, security veteran Aaron Turner has been making the rounds at industry events presenting some pretty disturbing information about the state of mobile security.
While Yahoo's acquisition of blogging site Tumblr will make a handful of people very happy, others are not convinced. Here's how to import your posts from Tumblr to WordPress.
nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
The 1-to-2 Flash Drive duplicator transfers data at up to 1.5GB per minute and like StarTech's hard drive duplicator, it's remarkably simple to use.

If you think the private messages you send over Skype are protected by end-to-end encryption, think again. The Microsoft-owned service regularly scans message contents for signs of fraud, and company managers may log the results indefinitely, Ars has confirmed. And this can only happen if Microsoft can convert the messages into human-readable form at will.

With the help of independent privacy and security researcher Ashkan Soltani, Ars used Skype to send four Web links that were created solely for purposes of this article. Two of them were never clicked on, but the other two—one beginning in HTTP link and the other HTTPS—were accessed by a machine at, an IP address belonging to Microsoft. For those interested in the technical details, the log line looked like this:

' - - [16/May/2013 11:30:10] "HEAD /index.html?test_never_clicked HTTP/1.1" 200 -'

The results—which were similar but not identical to those reported last week by The H Security—prove conclusively that Microsoft not only has ability to peer at the plaintext sent from one Skype user to another, but that the company regularly flexes that monitoring muscle.

Read 9 remaining paragraphs | Comments


----------- Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

After being publicly exposed in February as the source of a long list of cyberattacks on US companies and media organizations, the Chinese People's Liberation Army's (PLA) Unit 61396 largely pulled back from the networks the unit had infiltrated. But now, the New York Times reports, the hackers are back in action using new techniques to go after many of the same corporate and government targets they had infiltrated before.

The revived attacks come despite (or perhaps because of) the direct accusations leveled against China's military in a Pentagon report to Congress earlier this month. The White House approved "naming and shaming" the PLA unit in hopes that it would cause the Chinese government to take action. The move was part of an escalation of diplomatic pressure that began in March, when White House National Security Advisor Tom Donilon first publicly mentioned the Obama Administration's appeal to the Chinese government to "engage with us in a constructive dialogue" on cyber security.

"In 2012, numerous computer systems around the world, including those owned by the US government, continued to be targeted for intrusions, some of which appear to be attributable directly to the Chinese government and military," the Pentagon report stated. "These intrusions were focused on exfiltrating information. China is using its computer network exploitation (CNE) capability to support intelligence collection against the U.S. diplomatic, economic, and defense industrial base sectors that support US national defense programs."

Read 1 remaining paragraphs | Comments

Healthcare is rapidly moving toward a patient-centric care model, says Girish Kumar Navani, CEO of electronic health record software vendor eClinicalWorks. To meet this demand, EHR systems ought to be mobile, modular and easy to use, he tells CIO.com. Patients, meanwhile, need an experience that reminds them of online banking.
We all know that relying on a simple user ID and password combination is fraught with peril. One alternative is to use one of the single sign-on solutions we reviewed last year, but there are less expensive options that could also be easier to install.
Google, Microsoft and Yahoo have been confirmed as the secret backers behind the European Privacy Association (EPA) which was accused of a lack of transparency by an independent watchdog on Thursday.
Center stage at this year's Google I/O was a company honing its vision for a future beyond search
Three workers at Foxconn factories in China have fallen to their deaths in recent weeks and police are investigating, according to the company.
Yahoo has confirmed widespread reports that it will acquire the popular blogging service Tumblr, and also promised not to 'screw it up.' The deal is worth about $1.1 billion, nearly all in cash.
Bringing wireless indoors, which was once just a matter of antennas carrying a few cellular bands so people could get phone calls, has grown far more complex and demanding in the age of Wi-Fi, multiple radio bands and more powerful antennas.
Yahoo has confirmed widespread reports that it will acquire the popular blogging service Tumblr, and also promised not to "screw it up." The deal is worth about US$1.1 billion, nearly all in cash.
Stanford WebAuth FastCGI 'login.fcgi' Information Disclosure Vulnerability
RETIRED:Microsoft Internet Explorer CVE-2013-2551 Use-After-Free Remote Code Execution Vulnerability
Microsoft Internet Explorer CVE-2013-2551 Use-After-Free Remote Code Execution Vulnerability
Yahoo will acquire blogging site Tumblr for approximately $1.1 billion, the companies confirmed Monday.
Bob Metcalfe, Dave Boggs and the rest of the scientists at Xerox Palo Alto Research Center in 1973 were a lot like young developers at a Silicon Valley startup today.
Among the enhancements in NetBSD 6.1 is support for the Raspberry Pi's USB and onboard Ethernet, along with security and bug fixes. The same fixes are also in the newly released 6.0.2

Microsoft Windows Kernel 'Win32k.sys' CVE-2013-1334 Local Privilege Escalation Vulnerability
Finnish startup Jolla has announced its first smartphone, which shows off its Sailfish OS on a 4.5-inch screen.
Eight members of Congress have written an open letter to Google CEO Larry Page that outlines privacy concerns about the Internet vendor's computerized eyeglasses.
WordPress Mail On Update Plugin Cross Site Request Forgery Vulnerability
Wireshark RELOAD Dissector CVE-2013-2487 Denial of Service Vulnerability
Wireshark RELOAD Dissector CVE-2013-2486 Denial of Service Vulnerability
Michelle McKenna-Doyle, CIO for the National Football League, is driving innovation with analytics, using sensors to track players on the field and monitoring player health and safety with lab analysis of helmets.
China's remarkable success in infiltrating U.S. government, military and corporate networks in recent years shouldn't be seen as a sign that the country is gaining on the U.S. lead in cybertechnology, security experts say. They're just very persistent and very good at remaining undetected for long periods of time.
About half of the world's companies will adopt BYOD programs by 2017 and will no longer provide computing devices to employees, a new Gartner report predicts.
The deployment has already revealed a whole lot of devices that don't meet the criteria for getting on the corporate network.
Some people are having fits about Google Glass. True, it will change how we think about privacy in public places, but such rethinking started years ago.
The Senate immigration bill's H-1B restrictions have clearly upset Indian firms. But sometimes being in a tough spot can prompt new ways of approaching problems. One firm is implementing software robots.
As personal and professional clouds converge, IT's mission to improve productivity while protecting corporate apps and data is getting tougher.
IT's problems can draw unwanted notice now that Sarbanes-Oxley requires them to appear in 10-K reports as 'material weaknesses.'
As long as a problem seems present, gnarly and intractable, we enjoy following the process that solves it. But once the problem has been solved, it's not so interesting to us anymore.
OnForce CEO Peter Cannone says the use of IT contractors is expanding and will continue to do so.
A convenient online search facility is now available for the enormous amount of data that was accumulated during a port scan of the entire internet

Oracle Database Server CVE-2013-1534 Remote Security Vulnerability
Oracle Database Server CVE-2013-1554 Remote Security Vulnerability
Oracle Database Server CVE-2013-1538 Remote Security Vulnerability
Adobe Acrobat and Reader CVE-2013-2725 Unspecified Memory Corruption Vulnerability
Adobe Acrobat and Reader CVE-2013-2722 Unspecified Memory Corruption Vulnerability
Adobe Acrobat and Reader CVE-2013-2729 Unspecified Remote Integer Overflow Vulnerability
Adobe Acrobat and Reader CVE-2013-3337 Unspecified Memory Corruption Vulnerability
Sure, the headline gives away the answer, but if you had been asked to guess which state has the highest rate of reported identity theft you'd likely have chosen Florida: A large population of vulnerable retirees and a generally high crime rate all but guarantee the distinction.
Samsung will host a US$800,000 contest for developers that build apps for the Galaxy S4 using the company's peer-to-peer software interface.
Devices built around Apple's iOS operating system have been approved by the U.S. Department of Defense for use on its networks, as the department moves to support multivendor mobile devices and operating systems.
Yahoo Japan, the country's largest Web portal, said up to 22 million user IDs may have been leaked during a hack that was discovered last week.
WordPress WP Cleanfix Plugin Cross Site Request Forgery Vulnerability
WordPress WP cleanfix Plugin 'eval()' Function Cross Site Request Forgery Vulnerability

Posted by InfoSec News on May 20


By Gerard Best
Guardian Newspaper
May 19, 2013

Recent attacks on Caribbean computer networks by Internet hackers should
be a major concern for Caribbean businesses and governments.

“Computer hacking is a global problem," technology expert Bevil Wooding
said at the fifth regional meeting of the Caribbean Network Operators
Group (CaribNOG) in Bridgetown,...

Posted by InfoSec News on May 20


By Bryan Tan
Tech Legal
May 20, 2013

The date all data protection compliance project teams in Singapore have
been waiting for has been announced. July 2, 2014, is D-Day when
Personal Data Protection Act will come into effect and when
organizations will need to complete data inventory mapping, process
audits, staff training, and publication of...

Posted by InfoSec News on May 20


The New York Times
May 19, 2013

WASHINGTON -- Three months after hackers working for a cyberunit of China’s
People’s Liberation Army went silent amid evidence that they had stolen data
from scores of American companies and government agencies, they appear to have
resumed their attacks using different...

Posted by InfoSec News on May 20


By Dan Goodin
Ars Technica
May 19 2013

A website that accepts payment in exchange for knocking other sites
offline is perfectly legal, the proprietor of the DDoS-for-hire service
says. Oh, it also contains a backdoor that's actively monitored by the

Ragebooter.net is one of several sites that openly accepts requests to

Posted by InfoSec News on May 20


By Ericka Chickowski
Dark Reading
May 17, 2013

For years now, the risk management gurus of the world have lamented the
scourge of check-box compliance, urging organizations to make more
security decisions based on sound risk management. The philosophy is
that risk-based decisions generally yield more compliant environments:
if an organization manages...
Internet Storm Center Infocon Status