Oracle Java SE CVE-2015-0459 Remote Security Vulnerability
FUSE CVE-2015-3202 Local Privilege Escalation Vulnerability

Posted by InfoSec News on May 22


By Violet Blue
Zero Day
May 21, 2015

Headlines and infosec pros alike have been going mental over security
researcher Chris Roberts' alleged mid-flight hacking of a commercial
airplane, and his subsequent detainment by the FBI in April.

Things got hysterical last weekend when a month-old FBI search warrant
application surfaced in headlines...

Posted by InfoSec News on May 22

Forwarded from: bluknight <bluknight () skytalks info>

== https://skytalks.info ==

Skytalks is a 'sub-conference' that gives a unique platform for
researchers to share their research, for angry hackers to rant about
the issues of their industry, and for curious souls to probe
interesting issues, all without the watchful eye of the rest of the
world. With a strict, well-enforced "no recording" policy, research
that is...

Typically we try to divide attackers into different groups, all the way from script kiddies (no resources, no skills, quite a bit of time/persistence) to more advanced state-sponsored attackers (lots of resources, decent skills and the ability to conduct long-lasting persistent attacks).

So it was a bit odd to see an attack against a rather old vulnerability in DeDeCMS. The attack:

GET /uploads/plus/search.php?keyword=11typeArr[%[email protected]%27%60and%28SELECT1%20FROM%28selectcount%28*%29,concat%28floor%28rand%280%29*2%29,%28SELECT/*%27*/concat%280x5f,userid,0x5f,pwd,0x5f%29fromdede_adminLimit0,1%29%29afrominformation_schema.tables%20group%20by%20a%29b%29]=1 HTTP/1.1 301 178 - Python-urllib/2.7

DeDeCMS is a Drupal-like content management system popular in China [1]. Exploits like the one above have been used at least since 2013 [2]. The site that was attacked above does not use DeDeCMS, so the attacker did not do any reconnaissance.

The attacker also doesn't bother modifying the user agent and keeps the Python-urllib/2.7 user agent, indicating that the tool used to conduct the scan was written in Python. Many web application firewalls would block the request just for using that user agent.

The SQL statement that is being attempted:

SELECT 1 FROM(select count(*),concat(floor(rand(0)*2),(SELECT/**/concat(0x5f,userid,0x5f,pwd,0x5f) from dede_admin Limit 0,1))a from information_schema.tables group by a)b)]=1

A nice piece of SQL obfuscation, but I believe the goal is to retrieve the first username and password from the dede_admin table.

Sort of interesting: these were not the only attacks from these two IP addresses, and they did start out with some reconnaissance:

GET / HTTP/1.1 301 178 - +http://www.google.com/bot.html)

Here they spoof the Google user agent. They even first try out the plus/search.php URL:

GET //plus/search.php?keyword=astypeArr[111%[email protected]`\x5C`)+UnIon+seleCt+1,2,3,4,5,6,7,8,9,10,userid,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,pwd,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42+from+`%[email protected]__admin`%[email protected]`\x5C`+]=a HTTP/1.1 404 9093 - +http://www.google.com/bot.html)

But even though it returns a 404, they still proceed with the attack.

Johannes B. Ullrich, Ph.D.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Multiple OleumTech Products CVE-2014-2361 Local Security Bypass Vulnerability
Multiple OleumTech Products CVE-2014-2362 Predictable Random Number Generator Weakness

Posted by InfoSec News on May 22


By Dan Goodin
Ars Technica
May 21, 2015

An estimated 500 million Android phones don't completely wipe data when
their factory reset option is run, a weakness that may allow the recovery
of login credentials, text messages, e-mails, and contacts, computer
scientists said Thursday.

In the first comprehensive study of the...
MIT Kerberos 5 CVE-2014-5355 Multiple Denial of Service Vulnerabilities
[CORE-2015-0010] - Sendio ESP Information Disclosure Vulnerability
[SECURITY] [DSA 3270-1] postgresql-9.4 security update


Infosec practitioners face host of challenges
Boshoff says infosec improvements are being hindered by a lack of buy-in and support from business. "It is very difficult for security practitioners to successfully implement security protocols within an organisation when they have resistance from the ...


E-mail addresses, sexual orientations, and other sensitive details from almost four million AdultFriendFinder.com subscribers have been leaked onto the Internet following a hack that rooted the casual dating service, security researchers said.

The cache includes more than 3.8 million unique e-mail addresses of current and former subscribers, Australian security researcher Troy Hunt reported early Friday morning. The data, which is in the form of 15 Microsoft Excel spreadsheets, was first seeded to anonymous sites hosted on the Tor privacy network. It has since spread to sites on the open Internet. Links to sites hosting the data are easily found on Twitter and other social networking sites, (Ars isn't publishing the locations).

The compromise was first reported by British broadcaster Channel 4. In addition to including e-mail addresses and the sexual orientations of users, the data also provided other sensitive information, such as ages, zip codes, and whether the subscriber was seeking an extramarital affair. The trove included information for deleted accounts as well as those still current.


SSL/TLS RC4 CVE-2015-2808 Information Disclosure Weakness
Oracle MySQL Server CVE-2015-0405 Remote Security Vulnerability
Oracle MySQL Server CVE-2015-2571 Remote Security Vulnerability
Google Chrome CVE-2015-1265 Multiple Unspecified Security Vulnerabilities

Posted by InfoSec News on May 22


By Maggie Ybarra
The Washington Times
May 21, 2015

FBI agents can’t point to any major terrorism cases they’ve cracked thanks
to the key snooping powers in the Patriot Act, the Justice Department’s
inspector general said in a report Thursday that could complicate efforts
to keep key parts of the law operating.

Inspector General Michael...

Posted by InfoSec News on May 22


By Dan Sung
The Independent
22 May 2015

A hacker has exposed the personal and sexual details of nearly 4 million
users on one of the world-leading dating sites.

The details lifted from the database of Adult FriendFinder include the
information of previous members who had previously deleted their accounts....

Posted by InfoSec News on May 22


By Elizabeth Snell
Health IT Security
May 21, 2015

The US Coast Guard (USCG) must do a better job in its PHI security
measures, according to a recent report from the Office of the Inspector
General (OIG).

Specifically, USCG lacks a strong organizational approach to resolving
privacy issues, the report stated, which leads to the agency having

Posted by InfoSec News on May 22


May 22, 2015

Internet users in Korea are notoriously more exposed to security risks
than their counterparts in other countries, partly because their password
hints are too easy to guess, Google analysis released Thursday shows.

The search giant analyzed security questions selected by the users around
the world to help them when they forget the password....

Posted by InfoSec News on May 22


By Darren Pauli
The Register
22 May 2015

The Payment Card Industry Security Standards Council has created a
taskforce charged with improving security among small businesses.

The prodigious task will be tackled by encouraging small businesses to
adopt security best practice and simplified Payment Card Industry Data
Security Standards (PCI DSS)....
[SECURITY] [DSA 3268-1] ntfs-3g security update
[SECURITY] [DSA 3267-1] chromium-browser security update
[security bulletin] HPSBMU03336 rev.1- HP Helion OpenStack affected by VENOM, Denial of Service (DoS), Execution of Arbitrary Code
CVE-2015-4038 - WordPress WP Membership plugin [Privilege escalation]