(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

This is not what NSA's TAO is doing right now.

A group called the Shadow Brokers made headlines this month by leaking a hacking tool belonging to the NSA's Tailored Access Operations (TAO) team. Now this week, several informed sources suggest an inside source may have been involved.

The leaked software—which can exploit weaknesses in a number of network hardware platforms and other devices—apparently may have come with the help of an NSA insider, according to the analysis of several information security experts, reports citing former NSA employees, and one journalist who had access to the files leaked by Edward Snowden. While the hacking tools were said not to have come from the Snowden documents cache, they may in fact be associated with another leaker who provided information to Jacob Appelbaum and Wikileaks, James Bamford suggests in a commentary published Monday by Reuters.

Details of the hacking tools also match with a training manual for NSA cyberespionage operations included in the Snowden document trove, released last week by The Intercept. Some of the tools also match with entries in the TAO's ANT catalog—an NSA internal wishbook for hardware and software exploits. That document was published in part by Der Spiegel in collaboration with Appelbaum back in December of 2013.


Oracle Java SE CVE-2016-3443 Information Disclosure Vulnerability
Oracle Java SE CVE-2016-3422 Remote Security Vulnerability

Two kits favored by red teams and penetration testers have been updated recently, namely hashcat and SpiderFoot. Hashcat and SpiderFoot together read like a Robert Redford/Paul Newman movie title (yes, I'm that old). :-) Thanks to handler Rob Vandenbrink for the hashcat call out.


Hashcat v3.10: The world's fastest password cracker, and the world's first and only in-kernel rule engine

  • Added some workarounds to deal with problems caused by broken OpenCL installation on the host system
  • Improved rule-engine: Enabled support to use the missing @ rule on GPU
  • Improved rule-engine: On Nvidia, the rule-engine got a small performance improvement

SpiderFoot 2.7.0: An open source intelligence automation tool to automate the process of gathering intelligence about a given target: IP address, domain name, hostname or network subnet. SpiderFoot can be used offensively, i.e. as part of a black-box penetration test to gather information about the target or defensively to identify what information your organisation is freely providing for attackers to use against you.

  • Six (6) new modules:
    • BotScout.com search for malicious e-mail addresses
    • MalwarePatrol.net search
    • IBM X-Force Threat Exchange search
    • Amazon S3 bucket search
    • Phone number identification
    • Public vulnerability search (PunkSpider and XSSposed)
  • Authentication and HTTPS support
  • Scan by use case: e.g. use Passive

@holisticinfosec
WordPress CVE-2016-6897 Cross Site Request Forgery Vulnerability
Red Hat JBoss Operations Network CVE-2016-6330 Incomplete Fix Remote Code Execution Vulnerability
Oracle Java SE CVE-2016-3511 Local Security Vulnerability
Path traversal vulnerability in WordPress Core Ajax handlers
[security bulletin] HPSBNS03635 rev.1 - HPE NonStop Servers OSS Script Languages running Perl and PHP, Multiple Local and Remote Vulnerabilities
Internet Storm Center Infocon Status