Hackin9
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

One of the more recent discoveries resulting from the breach two weeks ago of malware-as-a-service provider Hacking Team is sure to interest Android enthusiasts. To wit, it's the source code to a fully featured malware suite that had the ability to infect devices even when they were running newer versions of the Google-developed mobile operating system.

The leak of the code base for RCSAndroid—short for Remote Control System Android—is a mixed blessing. On the one hand, it provides the blueprints to a sophisticated, real-world surveillance program that can help Google and others better defend the Android platform against malware attacks. On the other, it provides even unskilled hackers with all the raw materials they need to deploy what's arguably one of the world's more advanced Android surveillance suites.

"The RCSAndroid code can be considered one of the most professionally developed and sophisticated Android malware [titles] ever exposed," researchers from security firm Trend Micro wrote in a recently published blog post. "The leak of its code provides cybercriminals with a new weaponized resource for enhancing their surveillance operations."


 
Gaithersburg, MD - The National Cybersecurity Center of Excellence (NCCoE) has released a draft for public comment of the first guide in a new series of publications that will show businesses and other organizations how to improve their ...
 
Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser
 

Researchers at an HP security division have publicly detailed four code-execution vulnerabilities that can be used to hijack end-user smartphones running the latest versions of Microsoft's Internet Explorer browser.

The disclosures earlier this week came more than six months after researchers from HP-owned TippingPoint first privately reported the bugs to Microsoft security engineers. According to the advisories published here, here, here, and here, Microsoft officials acknowledged the bugs and in each case asked for an extension beyond the four months TippingPoint officials normally wait before publicly disclosing vulnerabilities. All four of the extensions expired Sunday, leading to the public disclosure of the bugs.

It remains unclear why Microsoft hasn't issued fixes. TippingPoint alerted Microsoft to three of the vulnerabilities in January and one of them last November. A Microsoft spokesman told Ars he was looking into the matter.


 
ThaiWeb CMS 2015Q3 - SQL Injection Web Vulnerability
 
LinuxSecurity.com: apply fix for NDEF record payload length checking
 
 
LinuxSecurity.com: update to 1.8.3 fixing 3 CVE
 
LinuxSecurity.com: Security Report Summary
 
LinuxSecurity.com: Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security ...
 
LinuxSecurity.com: Updated java-1.7.1-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 6 and 7 Supplementary. Red Hat Product Security has rated this update as having Critical security ...
 
LinuxSecurity.com: Several security issues were fixed in NBD.
 
LinuxSecurity.com: Multiple vulnerabilities have been found in libXfont, the worst of which could result in execution of arbitrary code or Denial of Service.
 
LinuxSecurity.com: Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security ...
 
[SECURITY] [DSA 3313-1] linux security update
 

For those of us that are in patching world the last few weeks have not been fun. It seemed like there was a new critical issue almost every other day and almost certainly just after you finished the previous round of patching. I guess that is what happens when a hacking firm is breached.

Well, unfortunately I'm here to add to your woes. BK wrote in (thanks) to remind me that on the same day that Microsoft patched a critical issue, ZDI released four vulnerabilities that, whilst based on their CVSS score may not quite reach critical (in Microsoft world), will likely result in a patch for most systems (including Windows phone). http://www.zerodayinitiative.com/advisories/ZDI-15-362/

In this case all four were discovered in-house, disclosed to the vendor over 120 days ago and as of release unlikely to have an exploit associated with it. That is however likely to change.

Mark H
