Getting hacked on Twitter is fast becoming a rite of passage for big corporations, but Tuesday's attack on the Associated Press could be a tipping point and shows that social networks must do more to keep their users safe, security experts said.
Australia has charged a 24-year-old man who allegedly defaced a government website earlier this month and claims to be the leader of LulzSec, a rogue inactive hacking group.
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Infosec 2013: HP launches security test solution WebInspect 10.0
The security division of tech giant HP has marked the first day of Infosec 2013 with the launch of its new application-testing solution, HP WebInspect 10.0. Designed to identify security vulnerabilities in web services and apps, WebInspect 10.0 enables ...



Infosec 2013: Businesses must play lead role in fight against cyber threats
Businesses must take a leading role in the fight against cyber crime in order to ensure the UK thrives in the online world, according to university minister David Willetts. Willetts, speaking at the InfoSec event in London on Tuesday afternoon, said ...



Infosec 2013: PwC flags rise in SMB security breaches
SMBs can no longer afford to assume their small size will keep them off the radar of cyber criminals and hackers, according to professional services firm PricewaterhouseCoopers. The advisory firm used the first day of the Infosecurity Europe event in ...

Invoking the success of Apple's game-changing iPhone and iPad, CEO Tim Cook has hinted that Apple will introduce "exciting new product categories" starting this fall and through the end of 2014.

This report is pretty much an annual staple. The 2013 report has been released and can be obtained here.  





The troublesome KB2823324 from last month has been re-released through KB2840149. The theory is that this one will not cause the same issue. Let us know if it does.

More details here http://technet.microsoft.com/en-us/security/bulletin/ms13-036


Shabbir Baliwala, solutions director for ASEAN, Compuware Asia, explains how organisations and retailers can cater to consumer needs through social media and make sense of big data.

The world of stock broking runs on one word: Speed. But manual processes could play spoilsport and derail business, giving competition an opportunity.  Kotak Securities strove to change that and, on its way, created an industry-first.


Apple's net profit dropped during the second quarter of 2013 as the company's iPhone shipment growth slowed down, based on year-over-year comparisons.
AT&T has reported revenue of US $31.4 billion for the first quarter of 2013, down slightly from a year earlier, although net income was up slightly, with a sagging wireline business division nearly offsetting mobile and wired broadband growth.
Asustek has shipped its Google TV streaming device called Cube, which will become available starting this week for US$139.99.
Microsoft Windows 'Win32k.sys' CVE-2013-1292 Local Privilege Escalation Vulnerability
Microsoft Windows 'Win32k.sys' CVE-2013-1283 Local Privilege Escalation Vulnerability
Microsoft Windows CVE-2013-1293 Local Privilege Escalation Vulnerability

Infosec 2013: 'Security must home in on data - not its surroundings'
Unlike many trade shows in the tech world which turn into a simple battle of products, Infosecurity Europe brings together a battle of theories and philosophies too, as industry experts preach what they believe is the key to keeping organisations safe ...

A single tweet falsely claiming the White House had been bombed touched off a seven-minute drop in the Dow Jones Industrial Average. It temporarily wiped out about 1 percent of the average, which can translate into millions or billions of dollars in market capitalization.

Stock prices plunged and then quickly recovered after a Twitter account belonging to the Associated Press was hacked and used to send a bogus report falsely claiming that the White House had been bombed and President Obama was injured.

"The @AP Twitter account has been suspended after it was hacked," an unaffected Twitter account belonging to the news organization confirmed. "The tweet about an attack on the White House was false."

In a testament to the power that social media has on real-world finances, the Dow Jones Industrial Average fell 150 points, or about 1 percent, immediately following the tweet, with other indexes reacting similarly. The Dow quickly regained the lost ground about seven minutes after the sell-off began, when the AP confirmed that the report was false.


Microsoft today re-released a security update that had crashed customers' PCs and crippled the machines with endless reboots, saying that the revised patch is now safe to install.
The Twitter account of the Associated Press was hacked today and a bogus tweet was sent claiming President Obama had been hurt in an explosion.


Infosec 2013: Every business in the cyber war frontline, says Kaspersky
Every business is on the frontline of the fight against cyber threats, says Eugene Kaspersky, chief executive of security firm Kaspersky Lab. “Every company is a victim of cyber attacks, whether they know it or not,” he told attendees of Infosecurity ...
Infosec 2013: Terrorists will wreak havoc with stolen cyber weapons, warns ... (V3.co.uk)
Cyber terrorists are only a matter of time, warns Eugene Kaspersky (Inquirer)

Infosec 2013: APTs are hard to defend against, but not impossible
SC Magazine UK
Dan Raywood, April 23, 2013.

After facing a congressional battering over security concerns, Huawei's carrier networking group is no longer focused on the U.S. market, and instead expects to find ample business in other parts of the world.
Western Digital is now shipping what it said is the world's first 2.5-inch, 5mm hard drives and solid-state hybrid drives (SSHDs) for use in ultra-slim notebooks.
Java vulnerability hunters from Polish security research firm Security Explorations claim to have found a new vulnerability that affects the latest desktop and server versions of the Java Runtime Environment (JRE).
Open-source board maker BeagleBoard.org has introduced a bare-bones PC starting at $45, bringing it closer to the popular Raspberry Pi, which offers basic models for $25 and $35.
LinuxSecurity.com: Martin Schobert discovered a stack-based vulnerability in tinc, a virtual private network daemon. When packets are forwarded via TCP, packet length is not checked against [More...]
LinuxSecurity.com: Multiple unspecified vulnerabilities have been found and corrected in mysql. Please read the Oracle Critical Patch Updates pages for further information. The updated packages provide the latest supported mysql version from [More...]
LinuxSecurity.com: A vulnerability has been found and corrected in roundcubemail: A local file inclusion flaw was found in the way RoundCube Webmail, a browser-based multilingual IMAP client, performed validation of the 'generic_message_footer' value provided via web user [More...]
LinuxSecurity.com: Multiple vulnerabilities have been found and corrected in roundcubemail: Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the signature in an email (CVE-2012-4668). [More...]
The 2013 Verizon data breach report details how authentication attacks affect organizations of all sizes, blaming single-factor passwords.

Apple's Mac has been punished by shifting consumer tastes just as has the overall PC industry, data from the company's earnings statements show.
Even as several states have put in place, or are proposing new laws barring employers from monitoring the social media activities of their employees, one Wall Street regulator is seeking exemptions to such rules for some financial services companies.

If you haven't installed last week's patch from Oracle that plugs dozens of critical holes in its Java software framework, now would be a good time. As in immediately. As in, really, right now.

In the past few days, attack code targeting one of the many remote-code-execution vulnerabilities fixed in Java 7 Update 21 was folded into either the RedKit or the CrimeBoss exploit kit. By Sunday, that attack code was being actively unleashed on unsuspecting end users, according to a short blog post published by a researcher from antivirus provider F-Secure.

The post doesn't say where the attacks were being hosted or precisely how attackers are using them. Still, Oracle describes the vulnerability as allowing remote code execution without authentication. And that means you should install the patch before you do anything else today. The track record of malware purveyors of abusing advertising networks, compromised Apache servers, and other legitimate enterprises means readers could encounter attacks even when they're browsing a site they know and trust.



Help Net Security

CISPA row: Slurped citizen data is ENORMO HACK TARGET - infosec boss
The ability to identify common patterns in real-world attacks makes crowd-sourcing threat intelligence extremely useful, according to a study from security tools firm Imperva. The report arrives just as a privacy row rages over the new Cyber ...
Infosec 2013: Research shows value in crowd-sourced threat intelligence (ComputerWeekly.com)
Chinese handset maker Huawei plans to introduce a new smartphone in the middle of this year, packed with the "best hardware and design," and is preparing to open a slew of new stores in its home market.
Adam Gowdiak says he has found another hole in Java - one that affects not only the latest release for the desktop version Java SE but also the server version of the JRE

libtirpc 'svc_getargs()' Function Denial of Service Vulnerability
[ MDVSA-2013:150 ] mysql
[ MDVSA-2013:149 ] roundcubemail
Multiple Vulnerabilities in D'Link DIR-615 - Hardware revision D3 / DIR-300 - Hardware revision A
[SECURITY] [DSA 2663-1] tinc security update
[ MDVSA-2013:148 ] roundcubemail

Infosec skills - Finally some answers to the big question
SC Magazine UK
It's the problem that won't go away – so what is actually being done by the industry, government and academia to resolve the infosec skills crisis, asks Phil Muncaster. Of all the most hotly debated topics in information security, from the never-ending ...

There still seem to be a lot of security flaws in iOS apps, but new tools could help fix that.
The US National Institute of Standards and Technology (NIST) has certified a number of cryptographic technologies in Red Hat Enterprise Linux (RHEL) 6.2 with the Federal Information Processing Standard (FIPS) 140-2

RETIRED: Linux Kernel Multiple Local Information Disclosure Vulnerabilities
SIEMENS SIMATIC S7-1200 CVE-2013-0700 Denial of Service Vulnerability
Making use of the petabytes of patient data that healthcare organizations possess requires extracting it from legacy systems, normalizing it and then building applications that can make sense of it. That's a tall order, but the facilities that pull it off can learn a lot.
The value of mobile data and messaging revenues has exceeded voice call revenues for the first time in Australia, according to new research from technology analyst firm, Telsyte.


Infosec 2013: Terrorists will wreak havoc with stolen cyber weapons, warns ...
The Russian security chief said he expects to see terrorist groups emerge using malware to mount cyber attacks in the near future, during a keynote speech at Infosec in London on Tuesday. "Of course there are state-sponsored attacks. I think ...
Infosec 2013: Every business in the cyber war frontline, says Kaspersky (ComputerWeekly.com)
Cyber terrorists are only a matter of time, warns Eugene Kaspersky (Inquirer)


InfoSec 2013: China Is 'Biggest Source Of Advanced Cyber Attacks'
TechWeekEurope UK
Nine in 10 APT tools are made in China, according to a report from security firm FireEye, which released its findings at the InfoSec 2013 conference in London today. Gh0st RAT was the most prevalent remote access Trojan in what the industry calls ...

Salesforce.com is taking steps to combine its acquisitions in social media monitoring and social advertising with its core CRM (customer relationship management) software through a new product called Social.com.
Nokia has accused supplier STMicroelectronics of selling microphones Nokia says it developed to rival HTC, and on Monday won an injunction in the Amsterdam District Court preventing their sale.

Professional monitor in association with (ISC)2: Infosec professionals need to ...
SC Magazine UK
Collaboration between infosec professionals and law enforcement agencies is vital, says Victoria Baines, the European Cybercrime Centre's strategy and prevention chief. Like the information security community, which is close-knit and coherent, we need ...



Infosec 2013: UK vendors can profit from growing cyber threats, says ...
In the opening keynote of Infosecurity Europe 2013, government minister Chloe Smith said the UK cyber security industry can profit from the growing threats online, as their services will become more in-demand than ever before. Smith, the Minister for ...
Infosec: UK fighting back in cyber battle as security sector grows (V3.co.uk)
Infosec 2013: Cyber threats, challenge and opportunity for UK, says minister (ComputerWeekly.com)

SC Survey: Skills shortage in infosec
SC Magazine UK
SC Magazine's latest survey asked the key questions on the skills and people shortage in the infosec industry. Here, we analyse the main findings from the online poll. The latest SC Magazine survey, which ran for around three weeks at the end of ...

Even though the majority of data breaches continue to be the result of financially motivated cybercriminal attacks, cyberespionage activities are also responsible for a significant number of data theft incidents, according to a report that will be released Tuesday by Verizon.
When Microsoft reported its third-quarter financial results last week, company officials trumpeted several metrics about sales and adoption of Office 365, the cloud subscription suite for email and collaboration.
As application development increasingly hooks into outside services, tools to manage all those APIs are sprouting up
Just as the mobile world seems to be finding peace and harmony around LTE, the age-old feud between GSM and CDMA is flaring up again.
Linux Kernel Multiple Local Information Disclosure Vulnerabilities

University research challenges reliability of IPS
Research shows that intrusion prevention systems (IPSs) are not as effective at detecting malicious activity as many organisations that have deployed them may think. Almost 78% of IPS systems tested by the University of South Wales failed to detect ...



Infosec 2013: UK fighting back in cyber battle as security sector grows
The minister, speaking at Infosec 2013 on Tuesday morning, said funding from the country's Cyber Strategy has already created a boom in the number of security companies operating in the UK. A second growth spurt would occur in the next four years, she ...
Infosec 2013: UK vendors can profit from growing cyber threats, says ... (ITProPortal)
Infosec 2013: Cost of cyber breaches rises three-fold, research shows (ComputerWeekly.com)
Infosec 2013: PwC flags rise in SMB security breaches (IT PRO)
Five tech departments share strategies for navigating the exploding demand for consumer gadgets at work. Insider (registration required)

Infosec 2013: Research shows value in crowd-sourced threat intelligence


New York Times

Infosec 2013: Every business a target of cyber attack, Verizon breach report shows
Should Insiders Really Be Your Biggest Concern? (Dark Reading)
2013 Verizon DBIR: Authentication attacks affect all organizations (TechTarget)
Data spies hunt industrial secrets (BBC News)
avast! Mobile Security for Android CVE-2013-0122 Local Denial of Service Vulnerability

Firewall tech pioneer Gil Shwed: Former teen sysadmin on today's infosec biz
Feature Twenty years after the technology behind FireWall-1 was first developed, the teenage coding prodigy who founded Check Point says that "IT security is [still] very hot". Shwed, 44, is the co-founder, chief exec and chairman of Check Point, whose ...



InfoSec 2013: Government Promises £500000 Cyber Aid For SMBs
TechWeekEurope UK
The government is attempting to address concerns from small and medium-sized businesses (SMBs) that can't protect themselves from cyber attacks by offering small packages of money to bring in outside assistance. Today, as the InfoSecurity 2013 ...
8 in 10 small UK firms hacked last year - at £65k a pop: Report (Register)

Full disclosure: I work at Microsoft.

This past Thursday (17 APR) Microsoft released volume 14 of its Security Intelligence Report (SIRv14), which includes new threat intelligence from over a billion systems worldwide.

It should come as no surprise that network worms are on the decrease and that web-based attacks are all the rage. Interesting report highlights include:

  • The proportion of Conficker and Autorun threats reported by enterprise computers each decreased by 37% from 2011 to 2H12
  • In the second half of 2012, 7 out of the top 10 threats affecting enterprises were associated with malicious or compromised websites (see example below)
  • Enterprises were more likely to encounter the iFrame redirection technique than any other malware family tracked in 4Q12
  • One specific iFrame redirection family called IframeRef, increased fivefold in the fourth quarter of 2012 to become the number one malicious technique encountered by enterprises worldwide
  • IframeRef was detected nearly 3.3 million times in the fourth quarter of 2012

The report also takes a close look at the dangers of not using up-to-date antivirus software in an article titled “Measuring the Benefits of Real-time Security Software.” I read this with some skepticism imagining it might be heavily slanted to the use of Microsoft AV products, but read on, it's not. It refers to a ton of data generated via Microsoft telemetry but remains data-centric to point out that, on average, computers without AV protection were five and a half times more likely to be infected (What?! I'm shocked. This is my shocked face). The study also found that 2.5 out of 10, or an estimated 270 million computers worldwide were not protected by up-to-date antivirus software. Now that actually is shocking. Really? What's the matter with people? For more information on that analysis, see details on TechNet.

On the related subject of web-based attacks, I recently completed a forensic review of an elderly Windows XP system that had clearly crossed paths with Blackhole, or as the SIR refers to it, Blacole; said system was infected with Exploit:Java/CVE-2011-3544. The behavior discovered warrants a quick review as it details just one of the plethora of manners in which web-based attacks can own you. Of interest, SIRv14 states that "detections of exploits targeting CVE-2011-3544 and CVE-2010-0840, two vulnerabilities with significant exploitation in the first half of the year, declined by large amounts in 2H12. Both are cross-platform vulnerabilities that were formerly targeted by the Blacole kit but have been removed from more recent versions of the kit." That's in keeping with findings on the machine I analyzed given that the related JAR files had been on the system since February 2012. Nonetheless, at the risk of oversimplifying the analysis, the writeup for CVE-2011-3544 describes a vulnerability that allows a remote attacker to execute arbitrary code on the system, caused by the improper handling of Rhino JavaScript errors. Of note when unpacked from the initial JAR file were efira.class and efira.java (the applet). As ripped directly from the conclusion of Michael Schierl's excellent writeup on CVE-2011-3544:

Steps to exploit this vulnerability include:

  1. Assign a toString() method to this that will disable the security manager and then run your payload
  2. Create a new JavaScript error object
  3. Overwrite the error object's message property by this
  4. Return the error object
  5. Create a new script engine and bind the applet to a JS variable (in case your payload needs it)
  6. Evaluate the script mentioned above
  7. Add the resulting object to a JList
  8. Display the JList to the user and wait for the UI thread to render it

Strings analysis of Efira.class (see VirusTotal if you want hashes) returned the requisite steps including:

  • toString() (1)
  • java/lang/Object error (2)
  • javax/script/ScriptEngine (5)
  • eval (6)
  • javax/swing/JList (7)

And this was but one example of six Java-specific exploits dropped on this victim system during its unfortunate visit to a Blackhole infected site. Stay tuned for new and interesting web-based exploits for 2013.

1) Run AV
2) Patch
3) Pray

As always the SIR is a great read. Download it here.
Russ McRee | @holisticinfosec

Posted by InfoSec News on Apr 23


By Kenneth Corbin
April 22, 2013

NATIONAL HARBOR, Md. -- Some of the hackers involved in the infamous
Aurora attacks executed from China against dozens of major American
companies were believed to be running a counter-intelligence operation
probing whether the U.S. government had uncovered the identity of

Posted by InfoSec News on Apr 23


By Sophie Curtis
23 April 2013

The UK government's Technology Strategy Board has extended its
Innovation Vouchers scheme to allow small and medium enterprises (SMEs)
to bid for up to £5,000 from a £500,000 pot to improve their cyber
security by bringing in outside expertise.

“Keeping electronic information safe and...

Posted by InfoSec News on Apr 23


By Adam Martin
Daily Intelligencer
April 22, 2013

Matthew Keys, the Reuters deputy social media editor suspended last
month after he was indicted for allegedly helping Anonymous take over
the Los Angeles Times website, learned on Monday the company had fired
him. But Reuters did not fire Keys for his alleged involvement with
Anonymous, he said....

Posted by InfoSec News on Apr 23


By Kelly Jackson Higgins
Dark Reading
April 22, 2013

If there's one big theme of the just-released Verizon Data Breach
Investigations Report (DBIR), it's demographics: all sizes of
organizations are getting hacked, and different industries are getting
hit for different reasons and with different attack methods.

"We shouldn't...

Posted by InfoSec News on Apr 23


By Lorenzo Franceschi-Bicchierai
April 22, 2013

The official Twitter accounts of the World Cup and FIFA's President Joseph
Blatter have been hacked, apparently by Syrian hackers.

On Monday afternoon, both @FifaWorldCup and @SeppBlatter started sending weird
tweets, hinting that hackers had taken over control of the accounts. And it
quickly became clear that...