InfoSec News

eSyndiCat Pro Multiple Cross Site Scripting Vulnerabilities
The iPhone 5 smartphone has the A6 CPU, which industry experts say is the first in a line of many upcoming Apple custom processors that will better balance performance with battery life in iPhones and iPads.
Hackers using a Remote Access Trojan (RAT) named Mirage have been engaged in a systematic cyber espionage campaign against a Canadian energy company, a large oil firm in the Philippines and several other entities since at least this April, Dell's SecureWorks Counter Threat Unit says.
As the latest iPhone went on sale Friday, with T-Mobile USA once again left out of the party, the fourth-place U.S. carrier started turning on a network that is designed to offer high data rates on unlocked iPhones.
Scott Roberts released a simple yet easy to use Python script to store and query your collection of malware samples into a SQLite database. The process is simple; it allows storage (indexing basic sample metadata) and retrieval of your samples. The database allows for query by filename, MD5 and SHA256 hashes. The malwarehouse package can be downloaded here.
I changed my database location from the malwarehouse.py script option_base_dir = os.path.expanduser(~/Desktop/malwarehouse/) to option_base_dir = os.path.expanduser(~/malwarehouse/) because this server doesn't have X-Windows running.

First a simple menu:

Entering a malware sample into the SQLite database:

[email protected]:~/malwarehouse$ ./malwarehouse.py -s zz87lhfda88.com -t PWS-LegMir.dll -n Low detection 1.exe

Result when malware sample 1.exe is processed:

[email protected]:~/malwarehouse$ ./malwarehouse.py -s zz87lhfda88.com -t PWS-LegMir.dll -n Low detection 1.exe

Parsing Malware

Analysis complete. Loading.

Sample 1.exe loaded...

Loading Malware 1.exe

Creating /home/guy/malwarehouse/41f5e475e086c991873a35c58234213fc01331d655f3f39a2f1a6d2f0e0ed6b8

Reviewing the last record with the 3 available methods:

[email protected]:~/malwarehouse$ ./malwarehouse.py -f 41f5e475e086c991873a35c58234213fc01331d655f3f39a2f1a6d2f0e0ed6b8

[email protected]:~/malwarehouse$ ./malwarehouse.py -f 4f871a6b9f17c0923963e7dfc73efa58

[email protected]:~/malwarehouse$ ./malwarehouse.py -f 1.exe

Reviewing the last 3 recorded inserted into the malwarehouse database:

If you are looking for a simple and yet effective way of tracking your malware samples, malwarehouse is probably for you. I'm sure Scott Robert is open to suggestions to improve this project . His contact information is listed on the Github download page.

[1] blog.thevigilant.com

[2] https://github.com/sroberts/malwarehouse
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Apple's stumble with its new mapping app is a debacle right up there with 2010's "Antennagate," analysts said today.
Starbucks said Friday it will update Passbook in iOS 6 at the end of September, presumably meaning it will integrate its existing Starbucks digital payment card into the new mobile app from Apple.
Facebook plans to start charging businesses to run targeted ads in its Offers daily deals service.
ESET reports on how the Flashback Trojan changed the relationship between Apple and Java.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google
Microsoft issued an out-of-band security bulletin, addressing a zero-day vulnerability and four other flaws in Internet Explorer.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google
Microsoft today released an emergency patch for Internet Explorer to stymie active attacks that have been exploiting a bug in the browser, finishing a job it started only Monday.
Six months from now, enterprise IT groups will be facing a big change for their Wi-Fi networks, the shift to 802.11ac, which promises wireless data rates that start at 433Mbps.
Adobe Flash Player and AIR CVE-2012-4171 Remote Denial of Service Vulnerability
APPLE-SA-2012-09-19-3 Safari 6.0.1
APPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004
APPLE-SA-2012-09-19-1 iOS 6
Microsoft released Security Advisory 2755801 that addresses vulnerabilities in Adobe Flash Player in Internet Explorer 10 on Windows 8. The bulletin is available here.

[1] http://technet.microsoft.com/en-us/security/advisory/2755801

[2] http://blogs.technet.com/b/msrc/archive/2012/09/21/security-advisory-2755801-addresses-adobe-flash-player-issues.aspx

[3] http://www.adobe.com/support/security/bulletins/apsb12-19.html
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
The U.S. Federal Communications Commission rushed to judgment in giving permission in early 2011 for startup LightSquared to offer LTE service in a band of wireless spectrum next to a band used by GPS devices, several U.S. lawmakers said Friday.
NX Web Companion Applet Handling Arbitrary Code Execution Vulnerability
RivetTracker Multiple SQL Injection Vulnerabilities
Drupal Support Timer Module Multiple Cross Site Scripting Vulnerabilities
[security bulletin] HPSBMU02815 SSRT100715 rev.2 - HP SiteScope SOAP Security Issues, Remote Disclosure of Information, Remote Code Execution
[2.0 Update] Cisco Security Advisory: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client
With every iPhone launch comes fans waiting outside Apple stores in New York, and it was no different for the iPhone 5, which went on sale Friday.
This is a list of links of where each patches can be downloaded that addresses the vulnerability discussed in Microsoft Security Bulletin MS12-063 and reported in diary IE Fixes Available yesterday.
Cumulative Security Update for Internet Explorer 7 for Windows XP (KB2744842)

[1] http://www.microsoft.com/en-us/download/details.aspx?id=34723WT.mc_id=rss_allproducts_ie
Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2744842)

[2] http://www.microsoft.com/en-us/download/details.aspx?id=34731WT.mc_id=rss_allproducts_ie
Cumulative Security Update for Internet Explorer 8 in Windows Vista (KB2744842)

[3] http://www.microsoft.com/en-us/download/details.aspx?id=34718WT.mc_id=rss_allproducts_ie
Cumulative Security Update for Internet Explorer 9 in Windows Vista (KB2744842)

[4] http://www.microsoft.com/en-us/download/details.aspx?id=34732
Cumulative Security Update for Internet Explorer 8 in Windows 7 (KB2744842)

[5] http://www.microsoft.com/en-us/download/details.aspx?id=34736WT.mc_id=rss_allproducts_ie
Cumulative Security Update for Internet Explorer 9 in Windows 7 (KB2744842)

[6] http://www.microsoft.com/en-au/download/details.aspx?id=34713
Cumulative Security Update for Internet Explorer for Windows Server 2003 (KB2744842)

[7] http://www.microsoft.com/en-us/download/details.aspx?id=34725WT.mc_id=rss_allproducts_ie
Update 1: The patch is now available via Windows Update.
Update 2: Microsoft has released Microsoft Security Bulletin MS12-063 rated Critical available here. This bulleting address one publicly disclosed and four privately reported vulnerabilities in Internet Explorer.
[8] http://technet.microsoft.com/en-us/security/bulletin/ms12-063
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
RIM CEO Thorsten Heins said that as many as 6% of BlackBerry customers in Europe and Africa may have seen delays in getting and sending messages early Friday.
Long lines formed for days outside of Apple stores in major cities to buy the iPhone 5 today, but smaller crowds also gathered in college towns like Harrisonburg, Va., where the longest wait was overnight in front of the AT&T and Verizon Wireless stores.
Despite an increasing number of successful cyberattacks launched by East Asian hackers against companies and government institutions around the world, Eastern European cybercriminals remain a more sophisticated threat to the global Internet, security researchers say.
Facebook has complied with most, but not all, of the recommendations that the Irish Data Protection Commissioner (DPC) set last year, the agency said Friday.
Salesforce.com customers interested in using the vendor's emerging family of marketing software could benefit from a new partnership it has formed with Facebook for targeted ad delivery.
A leaked document from a project set up by the European Commission to fight terrorism online, reveals suggestions for wide-ranging surveillance.
Apple's iPhone 5 has arrived. Here's a real-time look at what's happening worldwide by IDG News Service reporters in Australia, Japan, Singapore, Hong Kong, France, Germany, the U.K. and the U.S.
How can we explain the FTC's discovery that, for close to a year, Facebook operated a for-profit application security testing service that was little more than a sham?
Cumin Multiple Remote Vulnerabilities
Condor Multiple Security Bypass Vulnerabilities
Research in Motion's BlackBerry users in Europe, the Middle East and Africa experiencing service problems. RIM said service has since been restored and apologized for the disruption.
Samsung Electronics and Motorola Mobility don't infringe on an Apple patent for technology that prevents smartphone users from pushing two buttons at the same time on a touch screen, the lower regional court in Mannheim ruled on Friday, a court spokesman said.
Thieves broke into a number of mobile phone shops across central Japan and stole hundreds of iPhone 5 handsets hours before the device went on sale Friday morning, police said.
AU Optronics was fined $500 million by a San Francisco court on Thursday, and two of its former executives were sentenced to serve three-year prison terms and pay fines in connection with a LCD price-fixing conspiracy, the Department of Justice said.
A hole in the authentication protocol of Oracle's current database version could allow attackers to crack a known user's password offline

Updates for Mac OS X 10.6, 10.7 and 10.8 close a large number of security holes, some of which could be exploited to execute malicious code. Lion also gets the Gatekeeper security feature

Colleges and universities are moving swiftly to create advance degree programs in analytics to manage Big Data.
Apple is clearly making it easy for businesses and IT departments to secure new iOS 6 features and is ramping up devise security in several ways. Columnist Ryan Faas offers an overview of what's new.
With the release of iOS 6 earlier this week, a couple of iOS security related features changed in how they behaved. These come in addition to the long list of security fixes that Apple released in iOS 6. [1]
Siri: Siri gained additional capabilities, including the ability to Tweet and update Facebook. This feature is available even on a locked iPhone. To disable this feature, make sure Siri is disabled when the phone is locked.
Password less updates: Updating Apps no longer requires that you enter your password. I haven't found a method yet to turn this off (but actually like it, as my iTunes password is quite complex)
Social Media Integration: Adding a Facebook account to your iOS device will sync your contact settings with Facebook (there is a clear warning that this will happen). Facebook recently changed the default address of all accounts to @facebook.com and e-mail addresses in your contact list may be updated with the @facebook.com address as a result.
A bug found at this week's pwn20wn contest at the EuSecWest conference apparently leaks personal information like contacts and pictures to malicious websites. The bug was demonstrated in iOS 5.1.1, but has not been fixed yet in iOS 6 as it was just reported to Apple this week. [2]]

Any other security related issues you noticed?
Update: Link to patches added per the comment below.

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Twitter (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Internet Storm Center Infocon Status