Information Security News
Cisco released a patch(1) for a vulnerability in their Unified Communication Director system, a management system for Cisco UCS and Nexus solutions. The vulnerability, for which there is no workaround, could allow “an unauthenticated, remote attacker to take complete control of the affected device”. This vulnerability affects all devices running the software version prior to Release 126.96.36.199 HOTFIX.
Additional details and patch availability can be found at the link below.
tony d0t carothers --gmail
Ionic Security raises $25.5M from Google Ventures, Kleiner
Atlanta Business Chronicle (blog)
Infosec startup Ionic Security raises $25.5M from Google, Kleiner. Cloud wowed: Tom Noonan, from left, Ionic founder Adam Ghetti and Ionic CEO Steve ... (Byron E. Small)
Apple sent out 3 bulletins and OS updates today (iOS 6.1.3, iOS 7.0.6, and Apple TV 6.0.2) all fixing a bug that would potentially allow SSL/TLS connections to be vulnerable to undetected man-in-the-middle attacks. All three updates share the same CVE number CVE-2014-1266. The Apple Security updates page does not yet appear to have the updates listed there, but they should be there shortly (may be there by the time you read this). If you have an Apple device running iOS 6 or 7 or Apple TV, you should probably apply these updates ASAP.
Ref: Apple Security Update page - http://support.apple.com/kb/HT1222
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu
by Andrew Cunningham
Apple has just released iOS 7.0.6, the sixth minor update to iOS 7. Both it and the new iOS 6.1.6 update "provide a fix for SSL connection verification," their only documented addition. Unlike iOS 7.0.5, which applied only to a few international iPhone 5S and 5C models, the version 7.0.6 update applies to all devices that can run iOS 7. iOS 6.1.6 applies to the iPhone 3GS and fourth-generation iPod touch.
The update to iOS 6 is marginally more interesting than the iOS 7 update, just because Apple has so rarely patched old iOS versions after they've been replaced. The company also released version 6.1.5 for the fourth-generation iPod touch to correct a FaceTime connectivity issue. It's possible that Apple is trying to provide critical security updates to older devices dropped by newer iOS updates, something it also does for older OS X versions for a while after they're superseded by newer software.
The next major iOS 7 update is iOS 7.1, currently in its fifth developer beta. Current rumors suggest it will be released to the public in early or mid-March, and it should include more significant fixes than the six minor updates we've seen since September.
Among the most serious problems with WhatsApp's implementation of secure sockets layer (SSL) encryption is its support of version 2 of the protocol, according to a blog post published Thursday by a researcher from security consultancy Praetorian. That version is susceptible to several well-known attacks that allow people monitoring a connection between the two end points to decipher and in some cases manipulate the traffic as it passes through.
WhatsApp has also failed to implement a technique known as certificate pinning that's designed to block attacks using forged certificates to bypass Web encryption. Pinning allows an app to work only when communicating with a server using a specific certificate. Because the certificate fingerprint is hardcoded into the app, it will reject connections with any impostor certificates—even if they're signed by one of the 500 or so authorities trusted by major browsers and operating systems.
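The pinning check described above, as an added example that is not code from WhatsApp, Praetorian or the article. The function names `pin_matches` and `open_pinned` are hypothetical, and the two byte strings are constructed stand-ins for DER-encoded certificates so the check can be exercised offline.

```python
import hashlib
import socket
import ssl

# Constructed stand-ins for DER certificates (not real certificate data).
GENUINE_DER = b"constructed stand-in: genuine server certificate (DER)"
IMPOSTOR_DER = b"constructed stand-in: CA-signed impostor certificate (DER)"

# The fingerprint an app would ship hardcoded. Here it is derived from the
# stand-in above; a real app embeds the hex digest of its server's certificate.
PINNED_SHA256 = {hashlib.sha256(GENUINE_DER).hexdigest()}


def pin_matches(der_cert, pins=PINNED_SHA256):
    """True only if the certificate's SHA-256 fingerprint is a pinned one."""
    return hashlib.sha256(der_cert).hexdigest() in pins


def open_pinned(host, port=443, pins=PINNED_SHA256):
    """Connect with normal CA and hostname validation, then enforce the pin."""
    ctx = ssl.create_default_context()            # SSLv2/SSLv3 are disabled
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse legacy protocols
    raw = socket.create_connection((host, port), timeout=10)
    tls = ctx.wrap_socket(raw, server_hostname=host)
    # The chain already validated against the trust store at this point.
    # The pin is an additional check on the leaf certificate's exact bytes.
    der = tls.getpeercert(binary_form=True)
    if der is None or not pin_matches(der, pins):
        tls.close()
        raise ssl.SSLError("certificate does not match pinned fingerprint")
    return tls
```

A certificate that chains to a trusted authority but has a different fingerprint fails `pin_matches`, which is the case the article describes.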
The "Sender Policy Framework" is a simple system to identify which mail servers are allowed to send e-mail on behalf of your domain. We have talked about this (and other standards like DMARC, DKIM) before.
These systems are usually implemented on your mail gateways. The outbound gateway will sign e-mail using your domain key (for DKIM). The receiving mail gateway will check if the headers are present and correct. The mail gateway will then add a special header with the result of the check, and this special header is then used by spam filters to decide whether to keep the e-mail (or not).
It appears that spammers are learning and found a way to fool some badly configured mail gateways and spam filters. The spammer will add a header indicating that the e-mail passed the SPF validation. William sent us a sample of a UPS themed e-mail that included a malicious attachment. It included the following headers:
Subject: UPS Delivery Notification Tracking Number : <random string>
Date: Mon, 17 Feb 2014 11:56:04 -0300
From: UPS Quantum View <[email protected]>
X-Mailer: PHPMailer 5.1 (phpmailer.sourceforge.net)
Message-ID: <[email protected]>
Received-SPF: pass (google.com: domain of [email protected] does designate 188.8.131.52 as permitted sender) client-ip=184.108.40.206;
Received: from 220.127.116.11 (EHLO mailer.ups.com) (18.104.22.168)
Received: by mailer.ups.com (Postfix, from userid 1000) id A838D7824B;
X-Mailer: MIME-tools 5.41 (Entity 5.404)
X-SID-PRA: UPS Quantum View<[email protected]>
The red line indicates that the e-mail passed SPF validation. However, if you are checking the UPS.com SPF record:
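One way a filter can avoid being fooled by a sender-supplied `Received-SPF` header, shown as an added example that is not part of the original diary. It assumes the check runs on the gateway or directly behind it, that the gateway prepends its own `Received-SPF` line above its own `Received` line, and that the gateway is called `mx.example.org`; the message is constructed and uses example domains and documentation IP addresses.

```python
import re
from email import message_from_string

GATEWAY = "mx.example.org"  # assumption: hostname of our own inbound gateway
BY_HOST = re.compile(r"\bby\s+([^\s;()]+)", re.IGNORECASE)

# Constructed sample: the gateway's own two headers on top, then the headers
# that arrived with the message, including a forged "pass" result.
SAMPLE = (
    "Received-SPF: fail (mx.example.org: domain of sender@example.com does not"
    " designate 192.0.2.77 as permitted sender) client-ip=192.0.2.77;\n"
    "Received: from mailer.example.com (unknown [192.0.2.77])"
    " by mx.example.org (Postfix) with ESMTP id 4F1A2B3C4D\n"
    "Received-SPF: pass (google.com: domain of sender@example.com does"
    " designate 192.0.2.77 as permitted sender) client-ip=192.0.2.77;\n"
    "Received: by mailer.example.com (Postfix, from userid 1000) id 0A1B2C3D4E\n"
    "From: Delivery Notice <sender@example.com>\n"
    "Subject: Delivery Notification\n"
    "\nbody\n"
)


def classify_spf(raw, gateway=GATEWAY):
    """Split Received-SPF values into (trusted, untrusted)."""
    headers = message_from_string(raw).items()
    # Hops prepend headers, so only the topmost Received line can be ours.
    boundary = None
    for i, (name, value) in enumerate(headers):
        if name.lower() == "received":
            m = BY_HOST.search(value)
            if m and m.group(1).lower() == gateway:
                boundary = i
            break
    trusted, untrusted = [], []
    for i, (name, value) in enumerate(headers):
        if name.lower() == "received-spf":
            ours = boundary is not None and i < boundary
            (trusted if ours else untrusted).append(value)
    return trusted, untrusted


def spf_verdict(raw, gateway=GATEWAY):
    """Result word of our own SPF check, or 'none' if we never recorded one."""
    trusted, _ = classify_spf(raw, gateway)
    return trusted[0].split(None, 1)[0].lower() if trusted else "none"
```

If the topmost `Received` line was not written by the gateway, every `Received-SPF` header is treated as untrusted, so a message carrying only the forged header yields `none` rather than `pass`.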
Posted by InfoSec News on Feb 21 http://articles.economictimes.indiatimes.com/2014-02-19/news/47489884_1_cyber-ddos-participants
Posted by InfoSec News on Feb 21 http://english.yonhapnews.co.kr/business/2014/02/20/60/0501000000AEN20140220002000320F.html
Posted by InfoSec News on Feb 21 http://www.csoonline.com/article/748548/beware-of-employees-cheap-android-phones
Posted by InfoSec News on Feb 21 http://thediplomat.com/2014/02/s-korea-seeks-cyber-weapons-to-target-north-koreas-nukes/
Posted by InfoSec News on Feb 21 http://www.wjla.com/articles/2014/02/umd-cyber-attack-exposes-personal-info-of-students-faculty-staff-100387.html