(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

jQuery is a popular JavaScript framework, used by many websites (including isc.sans.edu). jQuery provides many features, like easy access to web services as well as advanced user interface features. When using jQuery, sites have the option to download and host the complete code, or let jQuery.com and its CDN (Content Delivery Network) host the code.

There are two advantages in allowing jQuery.com to host the code:

  • Performance: Code is typically delivered faster, and a user may already have the code cached if they visited another site that used the CDN hosted copy of jQuery.
  • Automatic Updates: Updates to jQuery are pushed to the CDN by the jQuery developers, and a website using it will automatically receive the latest copy.

On the other hand, there is an important drawback, and the main reason why the jQuery code for isc.sans.edu is hosted on our own servers: With code being "blindly" included from 3rd party sites, it is possible that a compromise of this 3rd party site will affect your site's security.
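To see where a page is exposed to this risk, the following added example (not part of the original diary) lists every script a page loads from a host other than its own and marks those without a Subresource Integrity `integrity` attribute. The page URL, the sample HTML and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page: one self-hosted copy, one CDN copy, one pinned CDN copy.
PAGE_URL = "https://www.example.org/index.html"
SAMPLE = """
<script src="/js/jquery.min.js"></script>
<script src="//code.jquery.com/jquery-1.11.1.min.js"></script>
<script src="https://cdn.example.net/lib.js"
        integrity="sha384-CONSTRUCTED_PLACEHOLDER" crossorigin="anonymous"></script>
<script>var inline = 1;</script>
"""


class ScriptAudit(HTMLParser):
    """Collect every <script src=...> and record where it is loaded from."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.own_host = urlparse(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        attrs = dict(attrs)
        src = attrs.get("src")
        if not src:
            return  # inline script: nothing is fetched from another host
        # Resolve relative and protocol-relative (//host/path) references.
        absolute = urljoin(self.page_url, src)
        self.findings.append({
            "src": absolute,
            "third_party": urlparse(absolute).hostname != self.own_host,
            "pinned": bool(attrs.get("integrity")),
        })


def audit(html, page_url):
    """Return one finding per external script reference in the page."""
    parser = ScriptAudit(page_url)
    parser.feed(html)
    return parser.findings


def unpinned_third_party(html, page_url):
    """Scripts that would change silently if the hosting site were compromised."""
    return [f["src"] for f in audit(html, page_url)
            if f["third_party"] and not f["pinned"]]
```
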

Sadly, according to RiskIQ, exactly this happened to jQuery.com [1]. The web site was compromised, and malicious code was injected that redirected users to a malicious site. Luckily, the jQuery library was NOT affected. Otherwise, many additional sites would have been exposed and visitors to these sites would have been affected. This is particularly fortunate as the attack appears to be targeted. The redirection domain used in this attack was jquery-cdn.com. That domain was registered on the day the attack was first noticed.

Particularly concerning is the fact that I am unable to find any statement about the attack on jQuery.com. If someone has a link, please let me know.

[1] http://www.net-security.org/malware_news.php?id=2869

Johannes B. Ullrich, Ph.D.


Martha Stewart, America’s home design and craft queen, took to late night television on Monday to gush about her latest obsession: drones.

On Late Night with Seth Meyers, Stewart proudly talked about how she now owns "three drones."

"These are not army drones! They're not dangerous!" she reassured Meyers.


IBM Embedded WebSphere Application Server CVE-2014-3020 Local Privilege Escalation Vulnerability
Multiple Huawei Products 'eSap' Platform Remote Heap Buffer Overflow Vulnerabilities
Free to download, ready to customize, NetHunter puts the power of a pen-tester's Linux desktop on a Nexus phone or tablet.

One of the tools we've leaned on heavily in some of our lab testing of software privacy and security is Kali Linux. The Debian-based operating system comes packaged with a collection of penetration testing and network monitoring tools curated and developed by the security training company Offensive Security. Today, the Kali developer team and Offensive Security released a new Kali project that runs on a Google Nexus device. Called NetHunter, the distribution provides much of the power of Kali with the addition of a browser-driven set of tools that can be used to launch attacks on wireless networks or on unattended computers via a USB connection.

NetHunter is still in its early stages, but it already includes the ability to have the Nexus device emulate a USB human interface device (HID) and launch keyboard attacks on PCs that can be used to automatically elevate privileges on a Windows PC and install a reverse-HTTP tunnel to a remote workstation. It also includes an implementation of the BadUSB man-in-the-middle attack, which can force a Windows PC to recognize the USB-connected phone as a network adapter and re-route all the PC’s traffic through it for monitoring purposes.

A demonstration of NetHunter's HID Keyboard attack on a Windows 8 computer.

In a phone interview with Ars, Offensive Security’s lead trainer and developer Mati Aharoni said that while NetHunter can be compiled to run on Android devices other than the Nexus family, “part of the reason we chose Nexus devices was because of the specific kernel sources we were able to get from Google.” The Nexus devices supported by NetHunter include the Nexus 5 ("hammerhead"), Nexus 7 (both 2012 and 2013 versions), and the Nexus 10 ("mantaray").


Mozilla Firefox CVE-2010-0174 Multiple Remote Memory Corruption Vulnerabilities
Mozilla Firefox/Thunderbird/SeaMonkey XUL Tree Item Remote Code Execution Vulnerability
Mozilla Firefox/Thunderbird/SeaMonkey Multiple Remote Vulnerabilities
Mozilla Firefox/Thunderbird/SeaMonkey 'optgroup' XUL Tree Remote Code Execution Vulnerability
Multiple Mozilla Products CSS Selectors Cross Domain Information Disclosure Vulnerability
Mozilla Firefox/Thunderbird/SeaMonkey 'nsIContentPolicy' Security Bypass Vulnerability
LinuxSecurity.com: Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security [More...]
LinuxSecurity.com: Several security issues were fixed in DBus.
LinuxSecurity.com: nginx could be made to expose sensitive information over the network.
LinuxSecurity.com: Updated gnupg packages fix security vulnerability: The gnupg program before version 1.4.16 is vulnerable to an ELGAMAL side-channel attack (CVE-2014-5270).
Mozilla Thunderbird/Seamonkey/Firefox Multiple Remote Vulnerabilities
Cobham Aviator 700D and 700E CVE-2014-2942 Local Information Disclosure Vulnerability
gksu CVE-2014-2886 Arbitrary Command Execution Vulnerability
Cisco Nexus 1000V CVE-2014-3367 Cross Site Scripting Vulnerability
Glype proxy local address filter bypass
[security bulletin] HPSBPI03107 rev.1 - Certain HP LaserJet Printers, MFPs and Certain HP OfficeJet Enterprise Printers using OpenSSL, Remote Unauthorized Access
Glype proxy privacy settings can be disabled via CSRF
Glype proxy cookie jar path traversal allows code execution
Re: TP-LINK WDR4300 - Stored XSS & DoS

Posted by InfoSec News on Sep 23


By Andrew Tilghman
Staff writer
Navy Times
Sep. 22, 2014

After months of bureaucratic battles, the Pentagon is finalizing a plan to
give reservists a limited role in the evolving cyber force.

U.S. Cyber Command’s effort to build a force of 6,200 cyber warriors,
split among 133 operational teams, has fueled a tug-of-war between...

Posted by InfoSec News on Sep 23


By Ryan Lawler (@ryanlawler)
Sept 22, 2014

Five-year old startup Duo Security has emerged as a leader in providing
secure but easy-to-use two-factor authentication technology to a
fast-growing number of enterprise customers. To bolster its growth, the
company has raised $12 million in Series B financing from Benchmark, and
has added general partner Matt Cohler to its...

Posted by InfoSec News on Sep 23


By Sean Gallagher
Ars Technica
Sept 22 2014

When Home Depot suffered a breach of transaction data that exposed as many
as 52 million credit card transactions earlier this year, the company
reportedly suffered from lax computer and network security measures for
years. Apparently, the company wasn’t helped much by its selection of a...

Posted by InfoSec News on Sep 23


By Carol D. Leonnig and Spencer S. Hsu
The Washington Post
September 22, 2014

The Secret Service commissioned a classified mock attack two decades ago
that found an easy way to pierce the White House security zone: Overwhelm
Secret Service officers on the compound with...

Posted by InfoSec News on Sep 23


By Alice Philipson
21 Sep 2014

GCHQ employs more than 100 dyslexic and dyspraxic 'neuro-diverse' spies to
harness their analytical skills in the fight against terror.

The British intelligence agency uses their ability to analyse complex
information in a "dispassionate, logical and...