Hackin9
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Facebook reported Wednesday that it now handles an average of more than 1 billion searches a day, but it still has work to do to provide a comprehensive search tool.
 
A vulnerability broker published a video demonstrating one of several flaws it has found in the privacy-focused Tails operating system, which is used by those seeking to make their Web browser harder to trace.
 
A majority of AT&T's new smartphone customers are now choosing a plan where they pay for their phones over time, helping to drive strong second-quarter financial results, the carrier said.
 

As many as 50,000 websites have been remotely commandeered by attackers exploiting a recently patched vulnerability in a popular plugin for the WordPress content management system, security researchers said Wednesday.

As Ars reported in early July, the vulnerability in MailPoet, a WordPress plugin with more than 1.7 million downloads, allows attackers to upload any file of their choice to vulnerable servers. In the three weeks since then, attackers have exploited the bug to install a backdoor on an estimated 30,000 to 50,000 websites, some that don't even run WordPress software or that don't have MailPoet enabled, according to Daniel Cid, CTO of security firm Sucuri.

"To be clear, the MailPoet vulnerability is the entry point," he wrote in a blog post. "It doesn't mean your website has to have it enabled or that you have it on the website; if it resides on the server, in a neighboring website, it can still affect your website." In an e-mail to Ars, he elaborated:


 

SC Magazine

InfoSec pros worried BYOD ushers in security exploits, survey says
Only 21 percent of the 1,100 IT security practitioners responding in the second annual “BYOD & Mobile Security Study”, conducted by an online community of more than 200,000 InfoSec professionals, said their companies have fully implemented policies, ...
Study Reveals Top BYOD Security Concerns (NewsFactor Network)
Second Annual BYOD & Mobile Security Study Reveals Exploits Entering ... (EIN News, press release)
 
A shortage of solid-state drives for ultrathin laptops and hybrids will cause prices to flatten next year after dropping for the last several years, with lower prices coming again in 2016, according to a market analysis.
 
IBM is offering a potentially powerful incentive in its attempts to entice organizations to move supercomputing jobs to the cloud: a high-speed network communications link called InfiniBand.
 
A new report from IHS shows that because of steep prices, UHD TVs are not making deep inroads in the television market.
 
Facebook's quarterly sales rose 61 percent on the strength of mobile advertising, the company said Wednesday.
 
Six people have been indicted on charges of running an international ring that resold tickets bought through compromised StubHub accounts for some of New York's biggest concerts and sporting events.
 
Microsoft again took a hit on its Surface business, the company acknowledged Tuesday.
 
Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
 
With Facebook set to release its Q2 earnings today, it's a safe bet company execs will talk about mobile issues and user growth.
 
Sprint announced a partnership with Google to offer the Google Apps for Business cloud service, adding that customers of the service won't be required to use Sprint's wireless network or Android devices.
 
GNU Readline '_rl_tropen()' Insecure Temporary File Handling Vulnerability
 
GLPI 'ticket.class.php' Information Disclosure Vulnerability
 
Low-cost Android tablets with 64-bit processors and 4K video decoding capabilities could be around the corner, thanks to Allwinner's plan to ship its first 64-bit ARM processor by year end.
 
Businesses wanting the security of BlackBerry Enterprise Service 10 without the complexity of managing it onsite can now buy it as a hosted service from six BlackBerry partners.
 
Apple is releasing its first public beta of OS X Yosemite. Is that a smart move?
 
Google reportedly tried to buy popular music streaming service Spotify late last year, but the talks broke down and the deal didn't go through.
 
LinuxSecurity.com: Updated httpd packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having [More...]
 
LinuxSecurity.com: Updated httpd24-httpd packages that fix multiple security issues are now available for Red Hat Software Collections 1. The Red Hat Security Response Team has rated this update as having [More...]
 
LinuxSecurity.com: Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having [More...]
 
LinuxSecurity.com: Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. The Red Hat Security Response Team has rated this update as having Critical [More...]
 
LinuxSecurity.com: Several security issues were fixed in Thunderbird.
 
LinuxSecurity.com: Firefox could be made to crash or run programs as your login if it opened a malicious website.
 
LinuxSecurity.com: Updated nss and nspr packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 7. The Red Hat Security Response Team has rated this update as having Critical [More...]
 
LinuxSecurity.com: Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Extended Update Support, Red Hat Enterprise Linux 6.2 Advanced Update Support, and Red Hat Enterprise Linux 6.4 Extended Update Support. [More...]
 
LinuxSecurity.com: Updated libvirt packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate [More...]
 
LinuxSecurity.com: An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having [More...]
 
LinuxSecurity.com: Updated kernel-rt packages that fix multiple security issues are now available for Red Hat Enterprise MRG 2.5. The Red Hat Security Response Team has rated this update as having [More...]
 
LinuxSecurity.com: Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. [More...]
 
Seagate announced today that Roku set-top boxes will now have a channel to connect to Wireless Plus hard drives for streaming movies, music and photos stored on the drives.
 
Oracle is responding to an ever more mobile customer base with the rollout of 57 mobile applications for its JD Edwards EnterpriseOne business software suite.
 
Apple will release its first public beta of OS X Yosemite early Thursday
 
Multiple Microsoft Products Arbitrary Memory Write Privilege Escalation Vulnerabilities
 
RETIRED: SQL Buddy 'login.php' Multiple Cross Site Scripting Vulnerabilities
 
[security bulletin] HPSBMU03073 rev.1 - HP Network Virtualization, Remote Execution of Code, Disclosure of Information
 
Sony is making a push to sell high-definition music players, and 35 years after being launched its Walkman is making a small comeback.
 
A ransomware threat that encrypts files stored on the SD memory cards of Android devices has been updated to target English-speaking users with FBI-themed alerts.
 
Soni Jiandani is one of Cisco's serial entrepreneurs, having been a key member of the teams that developed everything from the Nexus 5000 to Cisco's Unified Computing System (which in five years has leapt to the top of the x86 blade server market in North America, according to IDC). Today Jiandani is Senior Vice President of Cisco's Insieme business unit, the group pushing the company's Software Defined Networking vision. Network World Editor in Chief John Dix caught up with Jiandani to get her take on how SDN plays out.
 

Four days after a forensics expert warned that undocumented functions in iOS could leak personal user data, Apple has documented three services it says serve diagnostic purposes.

"iOS offers the following diagnostic capabilities to help enterprise IT departments, developers, and AppleCare troubleshoot issues," the support article published Tuesday stated. "Each of these diagnostic capabilities requires the user to have unlocked their device and agreed to trust another computer. Any data transmitted between the iOS device and trusted computer is encrypted with keys not shared with Apple. For users who have enabled iTunes Wi-Fi Sync on a trusted computer, these services may also be accessed wirelessly by that computer." As Ars reported Monday, three undocumented services include a packet sniffer dubbed com.apple.mobile.pcapd, a file downloader called com.apple.mobile.file_relay, and com.apple.mobile.house_arrest, a tool that downloads iPhone and iPad files to an iTunes folder stored on a computer.

Jonathan Zdziarski, the forensics expert who brought the undocumented functions to light on Saturday, published a blog post in response that criticized Apple's characterization of the services. He continued to maintain that at least one of the capabilities—stemming from the file relay service—constitutes a "backdoor" as defined by many security and forensics practitioners. He also took issue with Apple's suggestion that the purpose of the services was limited to diagnostics. He reiterated his previous stance that he doesn't believe Apple added the functions at the request of the National Security Agency.


 
A screenshot posted by "w0rm" showing he had dumped the user table from a Wall Street Journal database.

Dow Jones & Co. took two servers that store the news graphics for The Wall Street Journal website offline yesterday evening after a confirmed intrusion by a hacker calling himself “w0rm.” The hacker was offering what he claimed was user information and server access credentials that would allow others to “modify articles, add new content, insert malicious content in any page, add new users, delete users, and so on,” Andrew Komarov, chief executive officer of cybersecurity firm IntelCrawler, told The Wall Street Journal.

W0rm, according to Komarov, is the same individual previously known as “Rev0lver” and “Hash,” a Russian hacker who tried to sell access to the BBC’s servers last December and attacked the Web servers of Vice Media earlier this year. At 5:30pm ET on July 21, he posted a screenshot to Twitter that showed the e-mail address, username, and hashed password for the database admin on a wsj.com server. He offered to sell the full dump of the database table of authorized users for one bitcoin through an exploit marketplace at w0rm.in.

According to The Journal, Dow Jones has taken the servers offline to isolate them and prevent further intrusions into their systems. A spokesperson for the company said, “At this point we see no evidence of any impact to Dow Jones Customers or customer data.”


 
SQL Injection in Ð?2
 
[oCERT-2014-005] LPAR2RRD input sanitization errors
 
Multiple Vulnerabilities in Parallels® Plesk Sitebuilder
 
[SECURITY] [DSA 2985-1] mysql-5.5 security update
 
Mozilla released Firefox 31, patching 14 vulnerabilities, debuting a search box on the new tab page and adding a Google-provided service that detects and blocks known malicious files before they're downloaded.
 
Hive's SQL-like query language and vastly improved speed on huge data sets make it the perfect partner for an enterprise data warehouse
 
There's something to be said for traditions. After all, they're proven entities that have worked for decades. But while that standard Sinatra song may still find an audience at the weekend cookout, the same can't be said for standard technologies.
 
One of the complainants in an antitrust case against Google has slammed the European Commission for apparently adopting wholesale Google's proposal to settle the case, while giving complainants no fair chance to express their views on the settlement. Meanwhile, the Commission is considering revising the terms of the settlement, according to media reports.
 
A vulnerability in a web-based graphics system led to a breach of The Wall Street Journal's network by a hacker, the newspaper acknowledged late Tuesday.
 
Dropbox will continue beefing up the business version of its cloud storage and file sharing service, adding security features to shared links, full-text search capabilities and new tools for enterprise developers.
 
RETIRED: HP OneView CVE-2014-2602 Unspecified Remote Privilege Escalation Vulnerability
 

We are announcing a new feature we have been working on for a while that will display live statistics on passwords used by SSH brute-forcing bots. In addition, we have also updated the script that allows you to contribute data to this effort. Right now, we support the kippo honeypot for data collection. The script submits the usernames, passwords and IP addresses of attackers to our system.

To download the script see https://isc.sans.edu/clients/kippo/kippodshield.pl .

The script uses a new REST API to upload logs to our system. To use it, you will need your API key, which you can retrieve from https://isc.sans.edu/myinfo.html (look in the lower half of the page for the "report parameters").

For data we are collecting so far, see https://isc.sans.edu/ssh.html .

If you have any system other than kippo collecting similar information (we would like to collect username, password and IP address), then please let me know and I will see if we can add that log format to this client.

By contributing your logs, you will help us better understand who performs these attacks and why, and which passwords are "must avoid" choices. Note, for example, that some of the passwords these scripts try are not necessarily trivial, but they may be common enough to be worthwhile brute-forcing targets.

---

Johannes B. Ullrich, Ph.D.
 
The partnership announced last week isn't just about selling more iPhones. It's part of a big push into the Internet of Things.
 
A California court has allowed a privacy class action suit against Google to continue, though only in part.
 
Three new services -- Flow, Glip and Slingshot -- try to enhance the ability of teams to converse and collaborate using a variety of tools.
 
Apple faces in a state court in California a class action suit that its employees were not provided timely meal breaks, rest breaks and final paychecks, according to the lawyer for the employees.
 
A company that specializes in selling information on software vulnerabilities has reignited a debate over the handling of such information, especially when it pertains to privacy-focused tools.
 
Mozilla Firefox/Thunderbird CVE-2014-1559 Security Vulnerability
 
Mozilla Firefox/Thunderbird CVE-2014-1547 Multiple Memory Corruption Vulnerabilities
 
Mozilla Firefox/Thunderbird CVE-2014-1556 Remote Code Execution Vulnerability
 
Mozilla Firefox/Thunderbird CVE-2014-1555 Use After Free Memory Corruption Vulnerability
 
Mozilla Firefox/Thunderbird CVE-2014-1557 Remote Code Execution Vulnerability
 