(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The spear-phishing e-mail received by Clinton campaign staffer William Rinehart matches messages received by both former Secretary of State Colin Powell and Clinton campaign chairman John Podesta. (credit: The Smoking Gun)

The breach of personal e-mail accounts for Clinton presidential campaign chairman John Podesta and former Secretary of State Colin Powell has now been tied more closely to other breaches involving e-mail accounts for Democratic party political organizations. Podesta and Powell were both the victims of the same form of spear-phishing attack that affected individuals whose data was shared through the “hacktivist” sites of Guccifer 2.0 and DCLeaks.

As Ars reported in July, the spear-phishing attack used custom-coded Bit.ly shortened URLs containing the e-mail addresses of their victims. The URLs appeared in e-mails disguised to look like warnings from Google about the victims’ accounts. These spear-phishing attacks were tracked by the security firm SecureWorks as part of the firm’s tracking of the “Fancy Bear” threat group (also known as APT28), a hacking operation previously tied to a phishing campaign against military and diplomatic targets known as Operation Pawn Storm.

As The Smoking Gun reported in August, one of these e-mails was sent to William Rinehart, a staffer with the Clinton presidential campaign. Rinehart’s e-mails were leaked on the DCLeaks site. DCLeaks also carried the e-mails of Sarah Hamilton, an employee of a public relations firm that has done work for the Clinton campaign and for the DNC. Hamilton's e-mails were offered to The Smoking Gun by someone claiming to be Guccifer 2.0 via a password-protected link on the DC Leaks site.



(credit: George Hodan)

Since June, some entity has been releasing e-mails and electronic documents obtained via network intrusions and credential thefts of politicians and political party employees. Some of the releases have appeared on sites believed to be associated with Russian intelligence operations; others have appeared on Wikileaks. On occasion, the leaker has also engaged journalists directly, trying to have them publish information drawn from these documents—sometimes successfully, other times not.

The US government has pinned at least some of the blame for these leaks on Russia. This has led some observers to argue that WikiLeaks and Russian intelligence agencies are "weaponizing" the media. This is what national security circles refer to as an "influence operation," using reporters as tools to give credibility and cover to a narrative driven by another nation-state. The argument is that by willingly accepting leaked data, journalists have (wittingly or not) aided the leaker's cause. As such, they have become an "agent of influence."

The Grugq, a veteran information security researcher who has specialized in counterintelligence research and a former employee of the computer security consulting company @stake, penned an article about the topic yesterday. "The primary role for an agent of influence," he wrote, "is to add credibility to the narrative/data that the agency is attempting to get out and help influence the public." Such agents might be friendly with or controlled by the agency trying to spread the information, but they can also be unwitting accomplices, "sometimes called a 'useful idiot,' unaware of their role as conduits of data for an agency."


WordPress PhotoXhibit Plugin 'pages/build.php' Cross Site Scripting Vulnerability
WordPress page-layout-builder Plugin CVE-2016-1000141 Cross Site Scripting Vulnerability
WordPress parsi-font Plugin 'css.php' Cross Site Scripting Vulnerability
Hopper Disassembler CVE-2016-8390 Remote Code Execution Vulnerability

(credit: michael)

A serious vulnerability that has been present for nine years in virtually all versions of the Linux operating system is under active exploit, according to researchers who are advising users to install a patch as soon as possible.

While CVE-2016-5195, as the bug is cataloged, amounts to a mere privilege-escalation vulnerability rather than a more serious code-execution vulnerability, there are several reasons many researchers are taking it extremely seriously. For one thing, it's not hard to develop exploits that work reliably. For another, the flaw is located in a section of the Linux kernel that's a part of virtually every distribution of the open-source OS released for almost a decade. What's more, researchers have discovered attack code that indicates the vulnerability is being actively and maliciously exploited in the wild.

"It's probably the most serious Linux local privilege escalation ever," Dan Rosenberg, a senior researcher at Azimuth Security, told Ars. "The nature of the vulnerability lends itself to extremely reliable exploitation. This vulnerability has been present for nine years, which is an extremely long period of time."


Oracle MySQL Server CVE-2015-4767 Remote Security Vulnerability
Oracle MySQL Server CVE-2015-2643 Remote Security Vulnerability
Oracle MySQL Server CVE-2015-2620 Remote Security Vulnerability
Apache Subversion 'deadprops.c' Security Bypass Vulnerability
Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
musl libc 'tre_tnfa_run_parallel()' Function Integer Overflow Vulnerability
WordPress WP-OliveCart Plugin Multiple Security Vulnerabilities
Linux Kernel CVE-2016-5195 Local Privilege Escalation Vulnerability
Multiple Huawei Smart Phones Drivers Stack Buffer Overflow and Heap Buffer Overflow Vulnerabilities
OpenSSL CVE-2016-6309 Remote Code Execution Vulnerability
OpenSSH 'ssh/kex.c' Denial of Service Vulnerability
EMC Avamar Data Store and Avamar Virtual Edition Local Privilege Escalation Vulnerability
ESA-2016-111: EMC Avamar Data Store and Avamar Virtual Edition Privilege Escalation Vulnerability
Defense in depth -- the Microsoft way (part 44): complete failure of Windows Update
[CVE-2016-5195] "Dirty COW" Linux privilege escalation vulnerability
Defense in depth -- the Microsoft way (part 45): filesystem redirection fails to redirect the application directory
Multiple Cisco Products CVE-2016-6439 Denial of Service Vulnerability
[security bulletin] HPSBGN03663 rev.1 - HPE ArcSight WINC Connector, Remote Code Execution