InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

17 Best Practices of Agile Methodology
Business 2 Community
17 Best Practices of Agile Methodology · Strategy. By InfoSec Institute, Published August 23, 2012. Agile methodology has become very popular lately. Originating in software development, it has spread to many ...

GIMP Multiple Buffer Overflow Vulnerabilities
GIMP CVE-2012-3402 Buffer Overflow Vulnerability
McAfee Multiple Products Remote Denial of Service Vulnerability
Performance Co-Pilot Multiple Vulnerabilities
[ MDVSA-2012:143 ] python-django
Ad Manager Pro v. 4 Remote FLI
SaltOS 3.1 Cross-Site Scripting vulnerability
[security bulletin] HPSBUX02791 SSRT100856 rev.2 - HP-UX Apache Web Server running PHP, Remote Execution of Arbitrary Code, Privilege Elevation, Denial of Service (DoS)
The California State Assembly Wednesday voted to approve legislation that would prohibit state law enforcement personnel from obtaining location data from an individual's cell phone without a warrant.
Dell on Thursday said it will offer dedicated servers in its data centers and off-premises application and storage services for companies looking to establish private clouds.
ZDI-12-164 : (0Day) HP Intelligent Management Center img.exe Integer Wrap Remote Code Execution Vulnerability
ZDI-12-163 : (0Day) HP iNode Management Center iNodeMngChecker.exe Remote Code Execution Vulnerability
This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline.
Adobe Flash Player and AIR APSB12-19 Multiple Remote Vulnerabilities
libvirt Remote Denial Of Service Vulnerability
ZDI-12-165 : (0Day) HP Operations Agent for NonStop Server HEALTH Packet Parsing Remote Code Execution Vulnerability
The first week of class at Washington State University has been a tumultuous one for students and parents who depend on financial aid, due to a software glitch in a recently installed Oracle PeopleSoft system.
The U.S. Federal Communications Commission has conditionally approved a multibillion swap of wireless spectrum between Verizon Wireless, T-Mobile and four of the biggest cable TV system operators in the U.S.
Amazon has scheduled a press conference for September 6, suggesting that new Kindle e-readers and tablets are nearly here.
SaltOS 'download.php' Cross Site Scripting Vulnerability
ZDI-12-160 : EMC AutoStart ftAgent Opcode 0x14 Subcode 0x7F8 Parsing Remote Code Execution Vulnerability
ZDI-12-159 : EMC AutoStart ftAgent Opcode 0x14 Subcode 0x7e7 Parsing Remote Code Execution Vulnerability
ZDI-12-158 : Microsoft Internet Explorer MSADO CacheSize Remote Code Execution Vulnerability
ZDI-12-157 : Microsoft Excel Series Record Parsing Type Mismatch Remote Code Execution Vulnerability


How often do I say "send us a note on our contact form", and yet I've never detailed that page in a feature!? This is a good time to mention that if there is any aspect of the site you would like reviewed or explained in more detail, please feel free to send us a note on our contact form at https://isc.sans.edu/contact.html. Yup, just did that again!

There are many reasons, ways and places to contact the Internet Storm Center. Whether you have a general security question, want to let us know about a patch release, want to discuss current events with security folk, find a glitch in the matrix or have a packet capture you'd like analyzed, the Contact Us page at https://isc.sans.edu/contact.html is the place to go.


The top paragraph explains the usefulness of the DShield Discussion List for certain topics. The group's messages are moderated and are generally released within a few minutes to a few hours of submission, and you can expect a response just as quickly.

SSL Version - https://isc.sans.edu/contact.html

The first sub-navigation link forwards you to an SSL-encrypted version of the page. Note that the site should now automatically default to https, but this link is still available just in case.

Submit Logs - https://isc.sans.edu/contact.html#submit-logs

Log Submissions were detailed in our very first Feature Diary at https://isc.sans.edu/diary/ISC+Feature+of+the+Week+How+to+Submit+Firewall+Logs/12316.

Report Site Bug - https://isc.sans.edu/contact.html#submit-bug

In addition to the contact form detailed below, we check the DShield SourceForge project page regularly. You can submit bugs, feature requests, and support requests there. We are always working on improving the site. Be sure to include your debug info along with submissions.

Contact Form - https://isc.sans.edu/contact.html#contact-form

This form is sent to all ISC handlers, so your submission or inquiry gets the widest exposure to our group. Be sure to include a valid email address if you'd like a response or credit.
Enter a valid email address, your name and the subject of your message.
Attach a File

Compress multiple files into one tar/zip file.
Please don't encrypt or obfuscate the files.
Feel free to upload malware samples for analysis, but please mention the nature of the content in the text box below.

A large text box is provided for your message.
Let us know your preference for future use of the information you are submitting:

Is it ok to forward your submission to our malware analysis group?
May we mention your observation in our diary? (your thoughts, findings, etc)
May we mention your first name in our diary? - Let us know in the textbox if we can also mention a last name and/or a company or we'll keep your information private.

Category helps us identify the type of submission. Leave the default (Other) for general submissions, or select Malware or Packets where appropriate.

Your submission is distributed to all ISC handlers at [email protected] and will be kept confidential within the group unless and until you authorize its use. If you have any concerns, please review our Privacy Policy.

We are #dshield on freenode.net if you'd like to chat with us on IRC.
You can leave a Voice Mail at (757) SANS-ISC (726-7472) if you prefer to contact us by phone.
The PGP keys file at https://isc.sans.edu/PGPKEYS.txt contains ISC's public keys and those of the handlers.

Post suggestions or comments in the section below or send us any questions or comments in the contact form on https://isc.sans.edu/contact.html#contact-form


Adam Swanger, Web Developer (GWEB, GWAPT)

Internet Storm Center https://isc.sans.edu
Big data is poised to grow well beyond the enterprise - and anything we can imagine today. Think of how the assembly line changed the automobile and, consequently, our lives. Keeping big data secure will require an equally innovative approach. CIO.com columnist Bernard Golden calls it 'big security,' and he doesn't think the industry is ready for it yet.
McAfee Firewall Reporter 'GernalUtilities.pm' Authentication Bypass Vulnerability
McAfee Email and Web Security Appliance and Email Gateway Multiple Vulnerabilities
ZDI-12-154 : IBM Lotus Notes URL Command Injection Remote Code Execution Vulnerability
ZDI-12-153 : Apple QuickTime sean Atom Size Parsing Remote Code Execution Vulnerability
Weak economies in the U.S. and Europe together with a slowdown in manufacturing in China hurt semiconductor sales during the second quarter this year, and the market will deteriorate further in the coming quarters as issues continue to plague chip suppliers, IHS iSuppli said in research released on Thursday.
A timer found in the Shamoon cyber-sabotage malware discovered last week matches the exact time and date when a hacktivist group claims to have disabled thousands of computers from the network of Saudi Aramco, the national oil company of Saudi Arabia.
After 25 years, Microsoft is hanging up its old corporate logo in favor of a new one that includes a squared off version of its four-color window pane and a typeface that is more in line with its Windows 8 logo.
An ad agency is testing a new app that uses strategically placed cameras, facial recognition tools and Facebook histories to offer targeted local deals.
As it begins a second day of deliberations in the Apple v. Samsung patent battle, the jury charged with evaluating the case has decided to work an extra hour.
Adobe Acrobat and Reader Multiple Unspecified Remote Code Execution Vulnerabilities
LetoDMS Multiple HTML Injection and Cross Site Scripting Vulnerabilities
ZDI-12-155 : InduSoft Thin Client ISSymbol InternationalOrder Remote Code Execution Vulnerability
ZDI-12-152 : Oracle Outside In Excel MergeCells Record Parsing Remote Code Execution Vulnerability
ZDI-12-148 : GE Proficy Real-Time Information Portal Remote Interface Service Remote Code Execution Vulnerability
ZDI-12-147 : WebKit ContentEditable swapInNode Use-After-Free Remote Code Execution Vulnerability
TechSmith Snagit 'dwmapi.dll' DLL Loading Arbitrary Code Execution Vulnerability
Staying ahead of Microsoft itself, VMware has updated its Workstation desktop computer hypervisor so it can run Microsoft's soon-to-be-released Windows 8.
Adobe Pixel Bender Toolkit2 'tbbmalloc.dll' Multiple DLL Loading Code Execution Vulnerabilities
Foxit Reader 'dwmapi.dll' DLL Loading Arbitrary Code Execution Vulnerability
[email protected] Multiple Input Validation Vulnerabilities
Hitachi Data Systems lifted the covers off its flash roadmap, saying it will build its own flash controller and put NAND flash products in servers, storage and appliances in order to enable compute acceleration, caching and high-performance storage.
The British Standards Institution will help the CSA develop a certification program for cloud providers.

Your cloud-computing contract should specify what you expect the vendor to do, not just the name of its cloud service.
The U.S. Federal Trade Commission has cleared Facebook's proposed acquisition of mobile photo-sharing service Instagram in an unanimous vote, FTC said on Wednesday.
A new television format that has 16 times the resolution of current High Definition TV has been approved by an international standards body, Japanese sources said Thursday.
Sony Mobile is laying off 1,000 employees and will also move its global HQ to Tokyo, as the company tries to turn around its dwindling fortunes in the smartphone space.
Nokia, Samsung Electronics, Sony and Qualcomm have formed the In-Location Alliance, which will work to improve the accuracy of indoor positioning, the companies said on Thursday.
The U.S. Securities and Exchange Commission (SEC) adopted a regulation on Wednesday requiring companies to publicly disclose if they used minerals that originated in the Democratic Republic of Congo or adjoining countries, a measure that will impact technology companies as well.
Here are some ways to beef up security on your digital life -- before someone seeking to duplicate the hack that seized control of a Wired reporter's Apple, Amazon and Google accounts finds similar vulnerabilities in yours.
The reason Anonymous has a permanent place in our collective imagination: For a time, its organizational model worked very well
The man behind the Sabu moniker and alleged LulzSec leader has his sentencing postponed six months thanks to his "ongoing cooperation" with the US authorities

In its 73 years, Hewlett-Packard has had bad quarters, but perhaps none like the one it posted Wednesday. Its $8.9 billion loss was huge, but there was little drama about it.
The Mars rover Curiosity is on a mission to deliver what scientists hope will be groundbreaking scientific research that wouldn't be possible without robotics, according to a NASA chief engineer.
A researcher has disclosed a cross-site request forgery vulnerability in Facebook's App Center functionality. After the bug was disclosed responsibly, Facebook fixed the issue within one day

The ICS-CERT, which specialises in industrial control systems, warns that networking components by RuggedCom all use the same private RSA key


Posted by InfoSec News on Aug 23


Sign Dave's Petition for the ISC2 Board Election!

That's right, I'm starting my campaign for the ISC2 Board of Directors
in a bid to make a difference by doing something about it! I would like
to add new blood to the board in a bid to bring fresh ideas to help grow
the organization to the betterment of the members!

I greatly appreciate your support and please tell your friends!...

Posted by InfoSec News on Aug 23


By Dan Goodin
Ars Technica
Aug 22, 2012

A private encryption key embedded into widely used mission-critical
routers could be exploited by hackers to attack electric substations,
railroad switches, and other critical infrastructure, security
researchers have warned.

The flaw, uncovered in devices made by Siemens subsidiary RuggedCom of
Ontario, Canada, is the second...

Posted by InfoSec News on Aug 23


By Lia Timson
IT Pro Editor
August 23, 2012

A new technology-agnostic malware, found to affect Macs last month, has
now been spotted on three other operating system environments: Windows,
virtual machines running on VMWare and Windows Mobile.

According to security firm Symantec, the advanced threat,...

Posted by InfoSec News on Aug 23


By Kelly Jackson Higgins
Dark Reading
Aug 22, 2012

The mystery of the data-destroying targeted attack against a Middle East
oil organization with the so-called Shamoon malware is still unfolding,
as security experts discover more clues, and a self-professed group of
hacktivists claims responsibility for...

Posted by InfoSec News on Aug 23


By Noah Shachtman
Danger Room
August 21, 2012

The Pentagon’s top research arm is unveiling a new, classified
cyberwarfare project. But it’s not about building the next Stuxnet,
Darpa swears. Instead, the just-introduced “Plan X” is designed to make
online strikes a more routine part of U.S. military operations. That
will make the son of Stuxnet easier to pull off — to, as...
Apache Struts2 Skill Name Remote Code Execution Vulnerability
We all know that network traffic contains real treasure when trying to identify malicious activities. Various organizations recognized this and even mandate that IDS or IPS systems are implemented.
However, such systems typically have the same problem as anti-virus products: they depend either on pre-made signatures or on some kind of heuristics, both of which can be (sometimes easily) evaded.
At the same time, in the AV world we can see that more vendors rely on things such as cloud scanning and reputation systems.
One of the things I often recommend to people is that they check the outgoing network sessions created by their networks: not only established connections but also connection attempts. For example, you should regularly monitor your firewall logs to see what traffic has been dropped, but put more effort into analyzing which egress connections were blocked, since that can help you identify potentially infected (or hacked) machines on your network.
The best example of when such analysis really pays off is RSA Security: through egress log analysis they found out that the attacker who compromised their network used FTP to transfer files to an external machine. This should make you think, and this is where we get back to the beginning of this diary. Such correlation can really add value to your firewall/router data: knowing that an internal IP address tried to connect to an external IP address, and that this connection attempt was blocked, is good, but knowing that the external IP address is actually a ZeuS C&C really adds value!
Some of the reputation sources that are free, and that I found to be working really well are the following (in no particular order):

Emerging Threats RBN list: http://doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
All abuse.ch trackers: Zeus (https://zeustracker.abuse.ch/), SpyEye (https://spyeyetracker.abuse.ch/), Palevo (https://palevotracker.abuse.ch/)

Do you use other reputation sources? Anything you wish to add to this list? Let us know!
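To show the correlation described above in working form, here is an added example (not code from the diary or from any of the trackers it lists): it parses constructed iptables-style firewall lines, keeps only egress traffic from explicitly listed internal ranges, and matches the destination against a small constructed reputation map of the kind you would build from a ZeuS/SpyEye tracker blocklist. The log lines, addresses and labels are all made up for the example.

```python
import ipaddress
import re
# Constructed iptables-style syslog sample (not real data); RFC 5737 ranges stand in for external hosts.
SAMPLE_LOG = """\
Aug 23 10:01:02 fw kernel: DROP IN=eth1 OUT=eth0 SRC=10.0.5.23 DST=198.51.100.7 PROTO=TCP SPT=51234 DPT=443
Aug 23 10:01:05 fw kernel: DROP IN=eth0 OUT=eth1 SRC=203.0.113.9 DST=10.0.5.23 PROTO=TCP SPT=4444 DPT=22
Aug 23 10:01:09 fw kernel: ACCEPT IN=eth1 OUT=eth0 SRC=10.0.5.40 DST=198.51.100.7 PROTO=TCP SPT=51300 DPT=80
Aug 23 10:01:12 fw kernel: DROP IN=eth1 OUT=eth0 SRC=10.0.5.23 DST=192.0.2.55 PROTO=TCP SPT=51240 DPT=21
Aug 23 10:01:20 fw kernel: DROP IN=eth1 OUT=eth0 SRC=10.0.5.77 DST=192.0.2.200 PROTO=UDP SPT=40000 DPT=53
"""

# Constructed reputation data; in practice built from a feed such as the abuse.ch tracker blocklists.
REPUTATION = {"198.51.100.7": "zeus-cc", "192.0.2.55": "spyeye-cc"}

# Your internal ranges, listed explicitly (ipaddress.is_private would also flag the RFC 5737 ranges).
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

LINE_RE = re.compile(
    r"(?P<action>DROP|ACCEPT) .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\S+) .*?DPT=(?P<dpt>\d+)")

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)

def parse_line(line):
    # Fields we care about, or None for lines that are not firewall verdicts.
    m = LINE_RE.search(line)
    return m.groupdict() if m else None

def correlate(log_text, reputation):
    # Egress records (internal -> external) whose destination is on the reputation list.
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or not is_internal(rec["src"]) or is_internal(rec["dst"]):
            continue  # skip unparseable, inbound and internal-only traffic
        label = reputation.get(rec["dst"])
        if label:
            hits.append({**rec, "dpt": int(rec["dpt"]), "label": label})
    return hits

def suspect_hosts(hits):
    # Group by internal source so each machine to investigate is listed once,
    # with both blocked attempts and accepted sessions to known-bad addresses.
    by_host = {}
    for h in hits:
        by_host.setdefault(h["src"], []).append((h["action"], h["dst"], h["dpt"], h["label"]))
    return by_host
```

Note that the accepted session on line three is reported alongside the dropped attempts: a host that actually reached a listed address deserves more attention than one whose attempt was blocked.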


INFIGO IS