Hackin9

Mitsubishi Corp : NEC Corporation and Mitsubishi Corporation to Form ...
4-traders (press release)
NEC Corporation (NEC), Mitsubishi Corporation (MC) and Infosec Corporation (Infosec), a wholly owned subsidiary of MC, have reached an agreement in which NEC will acquire a 60% equity interest in Infosec. As a result of this transaction, Infosec will ...

 
The state of Florida has begun fining Deloitte $15,000 per business day until the systems integrator finishes fixing a number of alleged bugs in an unemployment compensation software system it built.
 
Trust in the security industry has taken a blow with a recent report that RSA was paid by the U.S. National Security Agency to provide a way to crack its encryption.
 
Google Chrome Prior to 31.0.1650.63 Multiple Security Vulnerabilities
 
ESA-2013-091: EMC Watch4net Information Disclosure Vulnerability
 
ESA-2013-092: EMC Replication Manager Unquoted File Path Enumeration Vulnerability
 
EtoShop C2C Forward Auction Creator Multiple SQL Injection Vulnerabilities
 
EtoShop Dynamic Biz Website Builder (QuickWeb) Multiple SQL Injection Vulnerabilities
 
Helpdesk Pilot Ticket Content URL HTML Injection Vulnerability
 
iScripts AutoHoster Multiple Security Vulnerabilities
 
Two NASA astronauts were on a rare Christmas Eve spacewalk outside the International Space Station, working to replace a pump that caused a cooling malfunction on the orbiter.
 
A survey has revealed that 60% of consumers are unaware that on Jan. 1, 40W and 60W incandescent bulbs will join 75W and 100W incandescent bulbs in being phased out of existence. And, other bulbs will soon follow.
 
LinuxSecurity.com: It was discovered that Apache Commons FileUpload, a package to make it easy to add robust, high-performance, file upload capability to servlets and web applications, incorrectly handled file names with NULL bytes in serialized instances. A remote attacker able to supply a serialized [More...]
 
LinuxSecurity.com: A vulnerability has been found in Tinyproxy that allows remote attackers to cause a Denial of Service condition.
 
Wireshark NTLMSSP v2 Dissector Denial of Service Vulnerability
 
Wireshark BSSGP Dissector Denial of Service Vulnerability
 
Bosch, a company best known as a maker of appliances, including stoves, dishwashers, washing machines and coffee makers, is increasing its focus on the Internet of Things.
 
There's no good reason for the U.S. to be so far behind in adopting EMV.
 
Revive Adserver 'what' Parameter SQL Injection Vulnerability
 
Sup Attachment Filenames Remote Code Execution Vulnerability
 
Ecava IntegraXor Project Directory Information Disclosure Vulnerability
 
UK chip-designer ARM today emerged as one of the companies set to get a boost from the deal that Apple signed with China Mobile last night, which will see the Californian tech giant's iPhone 5S and 5C go on sale to nearly a billion customers.
 
A new malware program that functions as a module for the Apache and Nginx Web servers is being sold on cybercrime forums, according to researchers from security firm IntelCrawler.
 
Sales of Chromebooks exploded from basically nothing in 2012 to more than 20 percent of the U.S. commercial PC market, analyst firm NPD reported on Monday, while Windows PCs and Macs remained flat at best.
 
Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-3993 Arbitrary Code Execution Vulnerability
 

SANS ISC reader Christopher found the following in the crontab of a customer's CentOS machine. I include it as an image here, to keep your anti-virus from panicking on this diary six months from now ...

Roughly every 90 minutes, this crontab will download and start the latest version of a backdoor / DDoS trojan off the dgnfd564sdf website. Every minute, it will also turn off the firewall if one is running (iptables stop) and try and hide its presence (history -c,  >.bash_history, etc). Current assumption is that the bad guys got in via an unknown webmin vulnerability or - most likely - via a weak password. We're still investigating the binaries:

5d10bcb15bedb4b94092c4c2e4d245b6  atdd
0d79802eeae43459ef0f6f809ef74ecc  cupsdd
9a77f1ad125cf34858be5e438b3f0247  ksapd
9a77f1ad125cf34858be5e438b3f0247  sksapd
a89c089b8d020034392536d66851b939  kysapd
a5b9270a317c9ef0beda992183717b33  skysapd

All six are >1.2mb and of type "ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.2.5, not stripped". The wget links are currently still live, investigate at your own risk.

If you have seen the same thing or additional insights, please share in the comments below!

 

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Two days of robotic competition wrapped up today in Homestead, Fla. Here's a special music video featuring highlights from the DARPA Robotics Challenge 2013.
 
HPLIP CVE-2013-6427 Insecure Auto Update Feature Man in The Middle Vulnerability
 
Quassel IRC CVE-2013-6404 Security Bypass Vulnerability
 
Cisco NX-OS Command Line Interface (CLI) Local Arbitrary File Access Vulnerability
 
A prominent venture capitalist proposed on Monday a plan to split California into six new states, including one called "Silicon Valley" that would stretch from San Francisco to San Jose and include the entire region where many of the biggest tech companies have their headquarters.
 
As Santa Claus and his elves prepare for their biggest night of the year, NORAD and Google are getting ready to track his big Christmas Eve ride.
 
More than most years, 2013 might be remembered for some ominous predictions of doom for the earth and its inhabitants. Here are some of the biggest (and smallest) predictions for next year and beyond.
 
Security researcher Mikko Hypponen has canceled his talk at an RSA security conference in San Francisco, reacting to a report that the security division of EMC allegedly received US$10 million from the U.S. National Security Agency to use a flawed random number generator in one of its products.
 

Dataguise Positioned in "Visionaries" Quadrant of the Gartner Magic Quadrant ...
MENAFN.COM
@Gartner_Inc [email protected] #Visionary in 2013 Data Masking #MQ (LINK) #infosec #datasecurity. Gartner analysts Joseph Feiman and Brian Lowans wrote in the Data Masking Technology report that, "Data masking has emerged to address relational ...

 
[SECURITY] [DSA 2827-1] libcommons-fileupload-java security update
 
Internet Storm Center Infocon Status