(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Google shut down malicious Web attacks coming from a compromised advertising network on Friday. The move follows a security firm's analysis that found the ad platform, Zedo, serving up advertisements that attempted to infect the computers of visitors to major websites.

In an attack that ended early Friday morning, visitors to Last.fm, The Times of Israel, and The Jerusalem Post ran the risk of their computers becoming infected as Zedo redirected visitors' systems to malicious servers. Because the advertisements hosted on Zedo's servers were distributed through Google's Doubleclick, the attack reached millions of potential victims, Jerome Segura, senior security researcher at Malwarebytes Labs, told Ars.

Distributing malware through legitimate advertising networks, a technique known as "malvertising," has become an increasingly popular way to compromise the systems of consumers and workers alike.


D-Bus CVE-2014-3638 Denial of Service Vulnerability
D-Bus CVE-2014-3635 Local Heap Buffer Overflow Vulnerability
Adobe Acrobat and Reader CVE-2013-2730 Remote Buffer Overflow Vulnerability
RETIRED: Apple iOS Prior to iOS 8 and TV Prior to TV 7 Multiple Vulnerabilities
Apple Mac OS X CVE-2014-4350 Buffer Overflow Vulnerability
"We sell hammers" was the justification Home Depot managers gave for cheaping out on security to IT employees.

When Home Depot suffered a breach of transaction data that exposed as many as 52 million credit card transactions earlier this year, the company reportedly suffered from lax computer and network security measures for years. Apparently, the company wasn’t helped much by its selection of a security architect either. Ricky Joe Mitchell was hired by Home Depot in 2012, and in March of 2013, he was promoted to the position of Senior Architect for IT Security at Home Depot, in charge of the entire company’s security architecture. In May of 2014, Mitchell was convicted of sabotaging the network of his former employer.

When Mitchell learned he was going to be fired in June of 2012 from the oil and gas company EnerVest Operating, he “remotely accessed EnerVest’s computer systems and reset the company’s network servers to factory settings, essentially eliminating access to all the company’s data and applications for its eastern United States operations,” a Department of Justice spokesperson wrote in a release on his conviction. “Before his access to EnerVest’s offices could be terminated, Mitchell entered the office after business hours, disconnected critical pieces of…network equipment, and disabled the equipment’s cooling system.” As a result of his actions, the company permanently lost some of its data and spent hundreds of thousands of dollars repairing equipment and recovering historical data. It took a month to bring the company’s office back online, costing the company as much as $1 million in lost business.

And that wasn’t the first time he used technology for revenge. Mitchell’s previous legal troubles resulting from malicious use of his technical skills date back to when he was a high school junior. In 1996, at the age of 17, Mitchell—who then went by the handle “RickDogg” in online forums—planted viruses in his high school’s computer system. He was suspended for three days from Capital High School for planting 108 computer viruses “to disk space… assigned to another student on the Capital High School computer system,” according to a school district memo obtained by the Charleston Gazette. He then posted threats to students whom he blamed for reporting him. Mitchell was expelled from the school and sued to be reinstated. The case eventually went to the West Virginia Supreme Court.


Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
Apache POI CVE-2014-3574 Denial Of Service Vulnerability

I just received a pretty "plausible looking" e-mail claiming to originate from Logmein.com. The e-mail passed the first "gut check".

  • The "From" address is [email protected]
  • It was sent to an address I have used for Logmein in the past
  • The only link inside the e-mail went to a legit Logmein URL.

Of course, the .zip attachment did set off some alarm bells, in particular as it unzipped to a .scr (Screen Saver).

According to VirusTotal, AV detection is almost non-existent at this point.

LogMeIn does publish an SPF record, and the e-mail did not originate from a valid LogMeIn mail sender, so it should be easy to discriminate against these e-mails using a standard spam filter.

Johannes B. Ullrich, Ph.D.
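The SPF check a spam filter applies to a message like the one above, written out as an added example (this is not code from the diary, from SANS, or from LogMeIn). The SPF record and the sender addresses are constructed from documentation ranges, not LogMeIn's real record, which a filter would fetch as the TXT record of the MAIL FROM domain; only the ip4, ip6 and all mechanisms are evaluated, since include, a, mx and redirect need live DNS lookups.

```python
import ipaddress

# Constructed SPF record (RFC 5737 / RFC 3849 documentation ranges), used
# in place of the real one that would be fetched from DNS for the domain.
EXAMPLE_SPF = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"

# Result for each qualifier when a mechanism matches (RFC 7208, section 4.6.2).
QUALIFIER_RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record):
    """Split an SPF TXT record into (qualifier, mechanism, value) terms."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    parsed = []
    for term in terms[1:]:
        qualifier = "+"  # a mechanism without a qualifier means '+'
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        mechanism, _, value = term.partition(":")
        parsed.append((qualifier, mechanism.lower(), value))
    return parsed


def check_spf(record, sender_ip):
    """Evaluate sender_ip against record.

    Returns 'pass', 'fail', 'softfail' or 'neutral'.  Mechanisms are tried in
    order and the first match decides, exactly as a receiving MTA does; if no
    mechanism matches and there is no 'all' term the result is 'neutral'.
    Mechanisms that require DNS (include, a, mx, exists, ptr, redirect=) are
    outside this simplified evaluator and raise NotImplementedError.
    """
    ip = ipaddress.ip_address(sender_ip)
    for qualifier, mechanism, value in parse_spf(record):
        if mechanism in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIER_RESULTS[qualifier]
        elif mechanism == "all":
            return QUALIFIER_RESULTS[qualifier]
        else:
            raise NotImplementedError(f"mechanism '{mechanism}' needs DNS lookups")
    return "neutral"


def filter_action(record, sender_ip):
    """Map the SPF result to a filter decision: hard fail is rejected,
    softfail is quarantined for a closer look, anything else is delivered."""
    result = check_spf(record, sender_ip)
    if result == "fail":
        return "reject"
    if result == "softfail":
        return "quarantine"
    return "deliver"


if __name__ == "__main__":
    # Constructed connecting IPs: one inside the published range, one not.
    for ip in ("192.0.2.10", "2001:db8::1", "198.51.100.7"):
        print(ip, check_spf(EXAMPLE_SPF, ip), filter_action(EXAMPLE_SPF, ip))
```

The spoofed message in the diary would hit the `-all` term, because the connecting server is not in the sender's published ranges, and be rejected; a domain that ends its record with `~all` instead would only produce a softfail, which is why the filter maps that to quarantine rather than silently delivering.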

LinuxSecurity.com: A vulnerability in libxml2 allows a remote attacker to cause Denial of Service.
LinuxSecurity.com: A vulnerability in c-icap could result in Denial of Service.
LinuxSecurity.com: Multiple vulnerabilities have been found in Chromium, the worst of which can allow remote attackers to cause Denial of Service.
LinuxSecurity.com: Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code.
LinuxSecurity.com: NSS was updated to refresh the CA certificates bundle.
LinuxSecurity.com: Updated qemu-kvm-rhev packages that fix multiple security issues are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7.
LinuxSecurity.com: Security Report Summary

Haven't upgraded to iOS 8 yet? Aside from a lot of new features, Apple also fixed a number of security vulnerabilities in iOS 8. For example CVE-2014-4377, a memory corruption issue in iOS's core graphics library. An exploit is now available for this vulnerability.

NOTE: I have not verified yet that the exploit is working / genuine. We will not link at this point to the exploit code, but basic Google Fu should allow you to find it.

The author claims that the exploit is "compleatly reliable and portable on iOS 7.1.x". The exploit comes in the form of a malformed PDF, which would usually be delivered as an image inside an HTML page.

Johannes B. Ullrich, Ph.D.


Posted by InfoSec News on Sep 22


By Jack Moore
September 19, 2014

Michael Daniel, the White House’s cybersecurity coordinator, courted
controversy last month when he gave an interview on his role setting cyber
policy for the Obama administration.

But it wasn’t his thoughts on how the government can better protect its IT
systems from intrusions...

Posted by InfoSec News on Sep 22


By Sean Gallagher
Ars Technica
Sept 20 2014

Former information technology employees at Home Depot claim that the
retailer’s management had been warned for years that its retail systems
were vulnerable to attack, according to a report by the New York Times.
Resistance to advice on fixing systems reportedly led several members of

Strength and Weakness of Methods to Confirm SSH Host Key
TP-LINK WDR4300 - Stored XSS & DoS

Posted by InfoSec News on Sep 22


By David Shamah
The Times of Israel
September 21, 2014

Israel is stepping up its cyber-defense efforts. The government on Sunday
announced establishment of a new cyber-defense authority to coordinate
cyber-security efforts among government, industry, and the civilian
sectors. Just last year, it set up the National Cyber Bureau and the two
steps show that the...

[SECURITY] [DSA 3030-1] mantis security update
CVE-2014-5516 CSRF protection bypass in "KonaKart" Java eCommerce product
[SECURITY] [DSA 3029-1] nginx security update

Posted by InfoSec News on Sep 22


By Eric Wicklund
Editor, mHealthNews
September 18, 2014

App developers, who say they are being left out of important mHealth
privacy and security conversations, are calling on the federal government
to give them a little more transparency around the issues.

In a letter to Congressman Tom Marino, R-Pa., several developers and the
5,000-member ACT/The App...

Posted by InfoSec News on Sep 22


By Richard Byrne Reilly
September 18, 2014

At the Defcon security conference in Las Vegas in early August, I waited
in line with my esteemed colleague Dean Takahashi for 40 minutes in order
to get our pictures taken with perhaps the most unabashed instigator in
the history of technology.

John McAfee.

McAfee, of course, is the security software legend who...