Hackin9
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Apple says it will fix a bug in the iOS 7 operating system that has caused some iPhones to crash.
 
Netflix has a message for ISPs that might be thinking about charging more to carry its video service in the wake of last week's net neutrality ruling: Do so at your own risk.
 
Red Hat has updated a number of its products for running private clouds, better preparing them for the complex ways of the enterprise.
 
Ford is enlisting top U.S. universities to make self-driving cars a reality, announcing that it hopes researchers at MIT can come up with advanced algorithms to help vehicles learn where pedestrians and other automobiles will be located.
 
Traditional PCs were used at historically low rates last quarter to open emails, another sign that a long-time task of those notebooks and desktops has been hijacked by mobile devices, an email-centric firm said today.
 
By 2017, the typical mobile user will share their personalized data stream with 100 applications and services every day, with wearable devices and Internet-connected appliances fueling the use trend, according to Gartner.
 

Network and security experts are still trying to nail down the cause of an outage on Tuesday that briefly redirected huge amounts of China's Internet traffic to US destinations.

The incident left a large portion of China's 500 million Internet users unable to visit websites ending in .com, .net, and .org. Requests for addresses ending in those top-level domains were instead sent to IP addresses operated by US-based Dynamic Internet Technology or, according to The New York Times, a 1,700-square-foot house in Cheyenne, Wyoming.

Local officials in China said the incident was the result of a malfunction in the country's domain name system. They called on authorities to do more to protect China's DNS servers. US-based security researchers, however, said a DNS outage or hack was most likely not the cause. A public DNS server operated by Google returned the same faulty IP addresses generated by China's official servers, these researchers said. They pointed out that Dynamic Internet Technology operates services designed to circumvent China's censorship regime, which is often referred to as the Great Firewall of China (GFW).
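The researchers' argument above rests on two observations: names under whole top-level domains all resolved to the same address, and an outside resolver (Google's public DNS) returned the same answers, which points upstream of China's own DNS servers. The functions below apply those two tests to a set of resolver answers. This is an added example written for this page, not code from the Ars Technica report, ISC, or the researchers; the resolver answers are constructed sample data using RFC 5737 documentation ranges, not measurements from the incident.

```python
"""
Added example: two checks that mirror the reasoning about the China outage.
1. Answer collapse: many unrelated names under one TLD resolve to one address.
2. Cross-resolver agreement: if an outside resolver returns the same collapsed
   answers, the fault lies upstream of the local DNS servers.
All data below is constructed (RFC 5737 ranges), not from the incident.
"""
from collections import defaultdict

COLLAPSED_IP = "203.0.113.10"  # constructed stand-in for the bogus destination

# Constructed: what two affected resolvers returned for a fixed query set.
AFFECTED = {
    "example.com": COLLAPSED_IP, "shop.example.com": COLLAPSED_IP, "mail.example.com": COLLAPSED_IP,
    "news.example.net": COLLAPSED_IP, "cdn.example.net": COLLAPSED_IP, "files.example.net": COLLAPSED_IP,
    "foundation.example.org": COLLAPSED_IP, "wiki.example.org": COLLAPSED_IP, "lists.example.org": COLLAPSED_IP,
    "portal.example.cn": "198.51.100.7", "bank.example.cn": "198.51.100.8",
}
# Constructed: a control resolver outside the affected path, with normal answers.
CONTROL = dict(AFFECTED, **{
    "example.com": "192.0.2.1", "shop.example.com": "192.0.2.2", "mail.example.com": "192.0.2.3",
    "news.example.net": "192.0.2.4", "cdn.example.net": "192.0.2.5", "files.example.net": "192.0.2.6",
    "foundation.example.org": "192.0.2.7", "wiki.example.org": "192.0.2.8", "lists.example.org": "192.0.2.9",
})
SAMPLE_ANSWERS = {
    "resolver-local": AFFECTED,          # hypothetical in-country resolver
    "resolver-public": dict(AFFECTED),   # hypothetical outside public resolver, same answers
    "resolver-control": CONTROL,         # hypothetical unaffected control
}


def tld(name):
    """Last label of a name, lower-cased, trailing dot ignored."""
    return name.rstrip(".").rsplit(".", 1)[-1].lower()


def collapsed_tlds(answers, min_names=3):
    """Return {tld: ip} for TLDs where at least min_names distinct names share one address."""
    by_tld = defaultdict(list)
    for name, ip in answers.items():
        by_tld[tld(name)].append(ip)
    return {t: ips[0] for t, ips in by_tld.items() if len(ips) >= min_names and len(set(ips)) == 1}


def disagreeing_names(all_answers):
    """Names on which the resolvers do not agree: {name: {resolver: ip}}."""
    names = set().union(*(a.keys() for a in all_answers.values()))
    out = {}
    for n in sorted(names):
        seen = {r: a[n] for r, a in all_answers.items() if n in a}
        if len(set(seen.values())) > 1:
            out[n] = seen
    return out


def shared_collapse(all_answers, resolvers=None):
    """TLDs collapsed to the same address on every listed resolver (default: all)."""
    resolvers = list(resolvers) if resolvers else list(all_answers)
    per = [collapsed_tlds(all_answers[r]) for r in resolvers]
    common = set(per[0]).intersection(*per[1:]) if per else set()
    return {t: per[0][t] for t in common if all(p[t] == per[0][t] for p in per)}


if __name__ == "__main__":
    print("collapsed on local resolver:", collapsed_tlds(AFFECTED))
    print("collapse shared with public resolver:",
          shared_collapse(SAMPLE_ANSWERS, ["resolver-local", "resolver-public"]))
    print("names in dispute against control:", len(disagreeing_names(SAMPLE_ANSWERS)))
```

A collapse that shows up identically on a resolver outside the suspect network is the signal the researchers used: it cannot be explained by a fault confined to the local DNS servers. Feed real answers in as `{name: ip}` per resolver and keep a control resolver on an unrelated path.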


 

 
Scientists at CERN, the European Organization for Nuclear Research, in Switzerland say they've made a "significant step" in the hunt for antimatter.
 
Cisco MediaSense CVE-2014-0671 Open Redirection Vulnerability
 
Cisco MediaSense Search and Play Information Disclosure Vulnerability
 
Cisco MediaSense Search and Play Cross Site Scripting Vulnerability
 
Google, through its plan to link Gmail addresses to its Google+ social network, is violating a privacy agreement the company made with the U.S. Federal Trade Commission, a long-time critic of the company's privacy practices said in a complaint to the agency.
 
It's rare that a company would release internal data on drive failure rates -- even more so when that company, Backblaze, earns its living storing consumer data in the cloud. That makes the hard drive data released this week even more valuable.
 
There is no shortage of tablet options on the market, and consumers have their choice of size. Which size tablet most appeals to you?
 
Dell Multiple PowerConnect Switches SSH Port Remote Code Execution Vulnerability
 
Dell GoAhead Web Server Login Page Form Denial of Service Vulnerability
 
Computer scientists found almost 20 exit relays in the Tor anonymity network that attempted to spy on users' encrypted traffic using man-in-the-middle techniques.
 
Tuesday's Internet outage in China is dividing experts over what caused the networking error, with authorities calling it a hacking attack, and others blaming it on the country's censorship systems.
 
A federal judge has tossed out part of a lawsuit Oracle filed against third-party support providers Terix and Maintech, in what could set a precedent for similar cases.
 
Cisco Security Advisory: Cisco TelePresence Video Communication Server SIP Denial of Service Vulnerability
 
Cisco Security Advisory: Cisco TelePresence ISDN Gateway D-Channel Denial of Service Vulnerability
 
The Blooog Theme for Wordpress 'jplayer.swf' Script Cross Site Scripting Vulnerability
 
[ MDVSA-2014:020 ] x11-server
 
Cisco Security Advisory: Cisco TelePresence System Software Command Execution Vulnerability
 
VMware has reached a deal to acquire mobile management specialist AirWatch for US$1.54 billion, as it aims to let users manage desktops, mobile devices and applications using its products.
 
Oracle Java SE CVE-2014-0375 Remote Security Vulnerability
 
[ MDVSA-2014:017 ] net-snmp
 
[ MDVSA-2014:016 ] spice
 
[ MDVSA-2014:015 ] cups
 
SEC Consult SA-20140122-0 :: Critical vulnerabilities in T-Mobile HOME NET Router LTE (Huawei B593u-12)
 
Oracle Java SE CVE-2014-0418 Remote Security Vulnerability
 
Verizon Communications received more than 320,000 requests for customer information from U.S. federal, state and local law enforcement agencies in 2013, more than 100 times the number of requests from any other country, the telecom carrier said in its first surveillance transparency report.
 
Microsoft Chairman Bill Gates dodged questions yesterday about the lengthening search for a new chief executive to run the company he co-founded nearly 39 years ago.
 
If you've ever wanted to ask NSA whistleblower Edward Snowden a question, you might get your chance on Thursday, January 23 at 3 PM ET/12 PM Pacific. The man behind the startling revelations about the NSA's Prism program and cell phone metadata collection--and the inspiration for a slew of security-focused apps and services--is lining up for his second official question and answer session tomorrow.
 
In 2006, Mitchell Frost, then a 19-year-old college student at the University of Akron, used the school's computer network to control the botnets he had created. Authorities say that between August 2006 and March 2007, Frost launched a series of distributed denial of service (DDoS) attacks against several conservative web sites, including Billoreilly.com, Anncoulter.com and Rudy Giuliani's campaign site, Joinrudy2008.com. He is accused of taking down the O'Reilly site five times, as well as disrupting the University of Akron's network during a DDoS attack Frost allegedly launched on a gaming server hosted by the university.
 
IBM has revived efforts to sell its low-end server business and Dell, Fujitsu and Lenovo are all lining up to take a look, according to reports this week.
 
Google Glass has raised privacy concerns in many countries. It now appears that it is being monitored as a potential aid to copyright infringement.
 
A new Google service uses YouTube to shed some light on the bandwidth delivered by ISPs.
 

Users of Google's Chrome browser are vulnerable to attacks that allow malicious websites to use a computer microphone to surreptitiously eavesdrop on private conversations for extended periods of time, an expert in speech recognition said.

The attack requires an end user to click on a button giving the website permission to access the microphone. Most of the time, Chrome will respond by placing a blinking red light in the corresponding browser tab and putting a camera icon in the address bar—both indicating that the website is receiving a live audio feed from the visitor. The privacy risk, according to a blog post published Tuesday, stems from what happens once a user leaves the site. The red light and camera icon disappear even though the website has the ability to continue listening in.

In this demonstration video, a site given permission to access the microphone continues to record all sounds within earshot of the computer with no clear indication of what's happening. From there, Israeli researcher Tal Ater said, the audio is sent to Google for analysis before being sent to the site that made the request. Once permission has been granted, Chrome can be programmed to begin recording only after certain keywords—say, "Iran" or "National Security Agency"—are uttered.


 
Oracle Java SE CVE-2013-5884 Remote Security Vulnerability
 

16 million logins compromised, warns German infosec agency (Help Net Security, 22 January 2014)
The German Federal Office for Information Security (BSI) issued a notification on Tuesday warning that some 16 million online user ...
 
Google Glass isn't without its limitations -- not to mention privacy concerns -- but Google Glass 'Explorers' are finding many ways to use the device to work smarter and faster. The key to more widespread adoption, though, will be seamless integration into existing technology workflows.
 
Three CIOs offer examples of how they are accommodating younger workers.
 
Though the employment picture remains bleak for many IT job seekers out there, the battle to hire talented software developers remains brutal. Here are some tips how to win the battle.
 
LinuxSecurity.com: A vulnerability in PCSC-Lite could result in execution of arbitrary code or Denial of Service.
 
LinuxSecurity.com: A vulnerability in Active Record could allow a remote attacker to inject SQL commands.
 
LinuxSecurity.com: Multiple vulnerabilities have been found in Poppler, allowing remote attackers to execute arbitrary code or cause a Denial of Service condition.
 
LinuxSecurity.com: Multiple vulnerabilities have been found in Cacti, allowing attackers to execute arbitrary code or perform XSS attacks.
 
LinuxSecurity.com: A buffer overflow error in GMime might allow remote attackers to execute arbitrary code or cause a Denial of Service condition.
 
LinuxSecurity.com: Multiple stack-based buffer overflows have been found in OpenSC, allowing attackers to execute arbitrary code.
 
LinuxSecurity.com: A heap-based buffer overflow in ldns might allow remote attackers to execute arbitrary code or cause a Denial of Service condition.
 
LinuxSecurity.com: Multiple vulnerabilities have been discovered and corrected in php: the openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field [More...]
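The PHP item above names a failure mode worth seeing concretely: a certificate name is a length-prefixed ASN.1 string, so it may legally contain a 0x00 byte, but any routine that treats it as a NUL-terminated C string stops reading at that byte and compares only the prefix. This is the classic null-prefix certificate trick. The code below is an added illustration written for this page, not PHP's or OpenSSL's implementation; the sample names are constructed.

```python
"""
Added illustration of the '\0'-in-SAN failure mode: a truncating comparison
beside a strict one.  Not PHP's or OpenSSL's code; sample names are constructed.
"""


def c_string_view(raw: bytes) -> str:
    """What a NUL-terminated string routine sees: the bytes before the first 0x00."""
    return raw.split(b"\x00", 1)[0].decode("ascii", errors="replace")


def hostname_matches(pattern: str, host: str) -> bool:
    """Case-insensitive match; a single leading '*.' may replace exactly one label."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        first, _, rest = host.partition(".")
        # the wildcard covers one label and must leave a real domain (no '*.com')
        return bool(first) and rest == pattern[2:] and "." in pattern[2:]
    return pattern == host


def san_matches_truncating(san: bytes, host: str) -> bool:
    """Vulnerable form: compares only the part of the SAN before an embedded NUL."""
    return hostname_matches(c_string_view(san), host)


def san_matches_strict(san: bytes, host: str) -> bool:
    """Hardened form: reject any SAN containing NUL or non-ASCII bytes, then compare."""
    if b"\x00" in san:
        return False
    try:
        name = san.decode("ascii")
    except UnicodeDecodeError:
        return False
    return hostname_matches(name, host)


# Constructed samples (hypothetical names).  CRAFTED_SAN reads as the victim
# host to a C-string routine but is a completely different name on the wire.
CRAFTED_SAN = b"www.example.com\x00.attacker.example"
LEGIT_SAN = b"www.example.com"
WILDCARD_SAN = b"*.example.com"

if __name__ == "__main__":
    for san in (CRAFTED_SAN, LEGIT_SAN, WILDCARD_SAN):
        print(san, "truncating:", san_matches_truncating(san, "www.example.com"),
              "strict:", san_matches_strict(san, "www.example.com"))
```

The check that matters is the first line of `san_matches_strict`: the length of the field, not the position of the first NUL, defines the name, and a NUL anywhere in it is grounds to reject the certificate outright rather than to compare a prefix.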
 
LinuxSecurity.com: A vulnerability in INN's STARTTLS implementation could allow a remote attacker to conduct a man-in-the-middle attack.
 
LinuxSecurity.com: Multiple vulnerabilities have been found in sudo which could result in privilege escalation.
 
LinuxSecurity.com: Updated spice packages fix security vulnerability: A stack-based buffer overflow flaw was found in the way the reds_handle_ticket() function in the spice-server library handled decryption of ticket data provided by the client. A remote user able [More...]
 
LinuxSecurity.com: Updated cups packages fix security vulnerability: Jann Horn discovered that the CUPS lppasswd tool incorrectly read a user configuration file in certain configurations. A local attacker could use this to read sensitive information from certain files, [More...]
 
Vendors don't normally brag about slower products but Advanced Micro Devices is making an exception for its latest Opteron 6300 processors, which have a slower clock speed than their predecessors to reduce power consumption.
 
MW6 Technologies Multiple ActiveX Controls Multiple Remote Code Execution Vulnerabilities
 

Top 10 Influencers in Banking InfoSec (BankInfoSecurity.com)
To acknowledge individuals and organizations that are playing critical roles in shaping the way financial services organizations approach information security and privacy, BankInfoSecurity and CUInfoSecurity have announced their annual list of Influencers.

 
[FFRRA-20131213] Crafted ICMP ECHO REQUEST can cause denial of service on Juniper SSG20
 
[ MDVSA-2014:014 ] php
 
Collabtive Multiple Security Vulnerabilities
 
IBM Eclipse Help System CVE-2013-5449 Cross Site Scripting Vulnerability
 
At least three security companies have scrubbed information related to Target from the Web, highlighting the ongoing sensitivity around one of the largest-ever data breaches.
 
A court in California has ruled, ahead of a March trial, that Samsung Electronics infringed an Apple patent on word recommendations during text input in its devices.
 
The employer with the most IT job postings last year was Amazon.com, with 16,146 ads, exceeding most other IT firms by a wide margin, according to a new report.
 
SimpleAir is seeking $125M in damages from Google after a jury found that push notification services in Android infringe on a SimpleAir patent, the company said Tuesday.
 
Scientists at the Lawrence Livermore National Laboratory are working on a project that envisions a team of small satellites acting as traffic cops in space.
 
Angry users of LogMeIn's free remote access service are lashing out at the company for giving them what amounts to a week's warning that their plugs would be pulled.
 
The evidence is all around us that the battle will eventually be lost.
 
Cloud-based back ends for mobile applications combine key services with varying degrees of complexity.
 
Now that OS X Mavericks Server has some new enterprise-oriented features and the updated Mac Pro has finally arrived, it's time to ask whether Apple is edging back into the data center, says columnist Ryan Faas.
 
When major breaches or incidents are first announced in the media, everyone and their pet dog has a theory about how it happened. As an incident handler, I love a good explanation of what really happened when systems get breached, rather than the wide-ranging, speculative theories. Most of us completely understand that during a breach information has to be limited to a need-to-know basis while the incident is being worked, and that investigations have to run their course before the investigators can even think about publicly publishing their findings. That means the armchair security experts can pontificate endlessly about what they think happened. When an official report on a breach does get published, I tend to feel big chunks are missing, with some excellent, notable exceptions. When a public, well-written, comprehensive report that dives into the nitty-gritty of an attack does surface, it cries out to be shared, and should be cherished, voraciously dissected, pillaged for any tactical or strategic indicators and then carved up for lessons learned.
 
So when an IR report was published today and I read it, I got rather excited*. There have been a number of stories on ColdFusion attacks over the last year. Brian Krebs reported on a particularly interesting case [1] of attacks against ColdFusion, but despite Brian's excellent pieces, I hadn't found the real technical meat of what happened and how.
  
RSA's Incident Response Team today published [2] their findings on a particular adversary that took advantage of a known vulnerability in ColdFusion, used it as a bridgehead to gain access to the internal network, then fully compromised it and exfiltrated data, in multiple forms and from multiple companies. I won't spoil the read (the full PDF is here [3]), but they provide plenty of exacting details: the tools, techniques and procedures used, their own suggested lessons learned, and a stack of indicators of compromise [4] for you to run against your own networks.
 
To me, reports like these should be compulsory reading if you're in a security role: follow the twists and turns an attacker took to get that initial compromise, then how they pivoted inside the network and pillaged the data. We as security people need to understand what was compromised at these other firms and how, then turn the attack on our own systems and see how we can detect or protect against becoming the next breach story in the spotlight.
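Running a published indicator list against your own logs is the concrete step the diary recommends. As an added example, not RSA's tooling and not the Shell Crew indicators themselves, the scanner below takes an indicator set (domains, address ranges, file hashes) and runs it over a few common log formats. The indicators, hostnames, addresses and log lines are constructed placeholders; substitute the real indicator list from [4] and your own DNS, proxy and file-integrity logs.

```python
"""
Added example: run an indicator-of-compromise set against log lines.
Everything below is constructed placeholder data, not RSA's indicators.
"""
import ipaddress
import re

# Constructed indicator set (hypothetical names and RFC 5737 ranges).
IOC_DOMAINS = {"update.example-c2.net", "static.example-c2.org"}
IOC_NETWORKS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.77/32")]
IOC_SHA256 = {
    # sha256 of an empty file, used purely as a stand-in hash value
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855": "stand-in webshell hash",
}

# Constructed sample lines: BIND query log, squid access log, file-integrity report.
SAMPLE_LOGS = [
    "22-Jan-2014 10:01:02.123 client 10.0.0.5#51234: query: www.example.com IN A + (10.0.0.1)",
    "22-Jan-2014 10:01:03.456 client 10.0.0.5#51235: query: beacon.update.example-c2.net IN A + (10.0.0.1)",
    "1390384800.111    245 10.0.0.8 TCP_MISS/200 1492 GET http://198.51.100.20/index.html - DIRECT/198.51.100.20 text/html",
    "1390384801.222    310 10.0.0.8 TCP_MISS/200 9876 POST http://203.0.113.45/uploads/x.cfm - DIRECT/203.0.113.45 text/html",
    "fim: path=/opt/coldfusion/wwwroot/h.cfm sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
]

# Hostnames appear after 'query: ' in BIND logs and after the scheme in proxy URLs.
HOST_RE = re.compile(r"(?:query: |https?://)([A-Za-z0-9.-]+)")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")


def domain_is_ioc(host):
    """Exact match or any subdomain of an indicator domain (beacon.x.example matches x.example)."""
    h = host.lower().rstrip(".")
    return any(h == d or h.endswith("." + d) for d in IOC_DOMAINS)


def ip_is_ioc(text):
    """Membership in any indicator network; CIDR matching covers whole hosting ranges."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return False
    return any(ip in net for net in IOC_NETWORKS)


def scan_line(lineno, line):
    """Return (lineno, kind, indicator) for every indicator found in one line."""
    hits = []
    for host in HOST_RE.findall(line):
        if domain_is_ioc(host):
            hits.append((lineno, "domain", host))
    for ip in sorted(set(IPV4_RE.findall(line))):
        if ip_is_ioc(ip):
            hits.append((lineno, "ip", ip))
    for digest in SHA256_RE.findall(line):
        if digest.lower() in IOC_SHA256:
            hits.append((lineno, "sha256", digest.lower()))
    return hits


def scan(lines):
    """Scan an iterable of log lines; line numbers start at 1."""
    hits = []
    for n, line in enumerate(lines, 1):
        hits.extend(scan_line(n, line))
    return hits


if __name__ == "__main__":
    for lineno, kind, value in scan(SAMPLE_LOGS):
        print(f"line {lineno}: {kind} indicator {value}")
```

Two design points carry over to real use: match domains by suffix so that beaconing subdomains are caught, and match addresses by network rather than by exact string, since an adversary who owns a hosting range will not stay on one address.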
 
If you know of any other papers you believe IR teams should have to read on the details of a breach, add them in the comments or send them in to us [5].
 
[1] http://krebsonsecurity.com/2013/10/adobe-to-announce-source-code-customer-data-breach/ 
[2] https://blogs.rsa.com/dissecting-tactics-techniques-advanced-adversary/
[3] http://www.emc.com/collateral/white-papers/h12756-wp-shell-crew.pdf
[4] http://www.emc.com/collateral/white-papers/h12756-rsa-incident-response-emerging-threat-profile.zip
[5] https://isc.sans.edu/contact.html#contact-form
 
* In a proper Internet Storm Center Handler manner, of course. Lots of nodding and the like.

 

Chris Mohan --- Internet Storm Center Handler on Duty

 
Cacti 'rra_id' Parameter SQL Injection Vulnerability
 

German infosec agency: 16 million account details stolen (Business Technology, 22 January 2014, by Matt Smith)
Nearly 16 million German and French email addresses and passwords for online accounts have been stolen by botnet operators, according to the German Federal ...
 
 
Amazon has approached several major media conglomerates to discuss adding live cable TV channels to its Prime Instant Video service, according to a report in The Wall Street Journal on Monday.
 