A geographic break down of computers infected by Pony.
Spider Labs

Criminals have pilfered about $220,000 worth of bitcoins and other digital currencies in a sustained, global attack that uses malware to steal the digital wallets stored on infected computers, researchers said Monday.

The malicious application known as Pony stole the digital loot from 85 wallets from September through January, researchers from security firm Trustwave's Spider Labs division wrote in a blog post. In all, the malware stole coins from at least four different digital currencies, including 355 bitcoins, 280 Litecoins, 33 Primecoins, and 45 Feathercoins. The coins were only a small part of the assets seized by Pony. During the same four-month span, Pony lifted credentials for more than 725,000 accounts. Those user names and passwords controlled access to accounts for websites, e-mail, FTP, secure shell, and remote desktops.

"This instance of Pony compromised 85 wallets, a fairly low number compared to the number of compromised credentials," Spider Labs researcher Daniel Chechik wrote. "Despite the small number of wallets compromised, this is one of the larger caches of Bitcoin wallets stolen from end-users. It is likely that this low number simply reflects the percentage of people actually using bitcoins and storing their wallets on their local machine, which explains why this number seems to grow as Bitcoin becomes more popular."

Read 5 remaining paragraphs | Comments


PerspecSys Wins First Annual Cyber Defense Magazine InfoSec Technologies ...
EIN News (press release)
MCLEAN, VA and SAN FRANCISCO, CA -- (Marketwired) -- 02/24/14 -- RSA Conference -- PerspecSys Inc., the leader in enterprise cloud data protection, today announced it has been selected by Cyber Defense Magazine as a 2014 winner in its InfoSec ...

and more »
IBM is working on an affordable photovoltaic system capable of concentrating solar radiation 2,000 times and converting 80% of the incoming radiation into useful energy.
Congress should pass a law requiring businesses that have lost customer information in cyberattacks to notify those affected, U.S. Attorney General Eric Holder said.
A German security company has released an unauthorized patch for Apple's OS X Mavericks that it claimed closes the hole the Cupertino, Calif. giant left wide open in the operating system's implementation of basic Internet encryption.
The long wait for a 64-bit version of Android on smartphones is coming to a close, with Intel on Monday showing a version of the OS running on a handset.
Google Chrome Prior to 33.0.1750.117 Multiple Security Vulnerabilities

Books Every InfoSec Professional Should Read
PC Magazine
Books Every InfoSec Professional Should Read. Feb 24, 2014 4:06 PM EST; [num] Comments. By Fahmida Y. Rashid · InfoSec Canon. Every field of study has a list of certain titles that people should have read. The "Western canon" includes Plato's The ...

The Galaxy S5 from Samsung Electronics sports an improved camera and a fingerprint reader.
Got great ideas to solve world problems? Google Executive Chairman Eric Schmidt just might give you a lot of money for them.
If Marc Zuckerberg has his way, Facebook will become the "on ramp" for the two-thirds of the world's population not yet connected to the Internet.
PostgreSQL CVE-2014-0061 Security Bypass Vulnerability
PostgreSQL CVE-2014-0062 Security Bypass Vulnerability

ISC Handler Rob sent the team a draft RFC currently under review by the IETF that seemingly fits quite nicely in the "What could possibly go wrong?" category.

Take a second and read Explicit Trusted Proxy in HTTP/2.0 then come back for further discussion.

Collect jaw from floor, and recognize that what's being proposed "buggers the CA concept and browser implementation enough to allow ISP’s to stand up “trusted proxies” to MITM and cache SSL content in the name of "increasing performance." Following are highlights of my favorite content from this poorly oddly written draft, as well as some initial comments:

  • "This document addresses proxies that act as intermediary for HTTP2 traffic and therefore the security and privacy implications of having those proxies in the path need to be considered."
    • We agree. :-)
  • "Users should be made aware that, different than end-to-end HTTPS, the achievable security level is now also dependent on the security features/capabilities of the proxy as to what cipher suites it supports, which root CA certificates it trusts, how it checks certificate revocation status, etc.  Users should also be made aware that the proxy has visibility to the actual content they exchange with Web servers, including personal and sensitive information."
    • All I have is "wow".
  • There are opt-out options, sure, but no one's every disguised or abused such options, right?
    • Opt out 1 (proxy certificate): "If the user does not give consent, or decides to opt out from the proxy for a specific connection, the user-agent will negotiate HTTP2 connection using "h2" value in the Application Layer Protocol    Negotiation (ALPN) extension field.  The proxy will then notice that the TLS connection is to be used for a https resource or for a http resource for which the user wants to opt out from the proxy."    
    • Opt out 2 (captive proxy): "Specifies how an user can opt out (i.e. refuse) the presence of a Proxy for all the subsequent requests toward "http" URI resources while it stays in that network."
  • Section 7's title is Privacy Considerations. None are listed.
    • Er? Here, I'll write the section for you. Opt in and you have no privacy.
  • The draft states that the Via general-header field MUST be used by the user-agent to indicate the presence of the secure proxy between the User-Agent and the server on requests, and between the origin server and the User-Agent on responses in order to signal the presence of a Proxy in between, or loosely translated into MITM. 
    • And if it's not used? Session disallowed? Appears not:
      • The draft has said MUST re: the Via header but then says...
        • "If any of the following checks fails the User-Agent should immediately exit this Proxy mode:
          1.  the server's certificate is issued by a trusted CA and the certificate is valid;
          2.  the Extended Key Usage extension is present in the certificate and indicates the owner of this certificate is a proxy;
          3.  the server possesses the private key corresponding to the certificate."
      • ...but says nothing about what happens if the headers are wrong or Via is not used.
  • Love this one: "To further increase the security, the validation by the CA could also include technical details and processes relevant for the security.  The owner could for example be obliged to apply security patches in a timely fashion."
    • Right...because everyone patches in a timely fashion. And the Patch Police agency to enforce this control will be...?

Maybe I'm reading this wrong and don't know what I'm talking about (common), but we think this draft leaves much to be desired.

What do readers think? Imagine this as industry standard in the context of recent NSA allegations or other similar concerns. Feedback and comments invited and welcome.

Russ McRee | @holisticinfosec
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Microsoft today sidestepped commenting on the Nokia's decision to launch a new low-cost smartphone powered by an offshoot of Google's Android.
Even professional writers can have problems with their resume. In this month's Resume Makeover, we help a senior technical writer hone his message and appeal to the right audience.
Investor Carl Icahn has ripped into the eBay board of directors and called for the company to spin off its PayPal unit in a colorful letter to eBay stockholders released Monday.
Bromium Labs

Researchers have developed attack code that completely bypasses Microsoft's zero-day prevention software, an impressive feat that suggests criminal hackers are able to do the same thing when exploiting vulnerabilities that allow them to surreptitiously install malware.

The exploit code, which was developed by researchers from security firm Bromium Labs, bypasses each of the many protections included in the freely available EMET, which is short for Enhanced Mitigation Experience Toolkit, according to a whitepaper published Monday. Microsoft has long held out EMET as an important tool for extending the security of Windows computers. The proof-of-concept exploit shows the limitations of those protections. The Bromium exploit included an example of a real-world attack that was able to circumvent techniques designed to mitigate the damage malicious code can do when targeting security bugs included in third-party applications.

"The impact of this study shows that technologies that operate on the same plane of execution as potentially malicious code offer little lasting protection," Bromium Labs researchers wrote in a blog post. "This is true of EMET and other similar userland protections. That’s because a defense that is running in the same space as potentially malicious code can typically be bypassed, since there's no 'higher' ground advantage as there would be from a kernel or hypervisor protection. We hope this study helps the broader community understand the facts when making a decision about which protections to use."

Read 5 remaining paragraphs | Comments

Texinfo File Handling Buffer Overflow Vulnerability
Blackphone, the Swiss start-up that's launching a smartphone with encrypted communications, is planning a series of devices around the same idea, one of the company's co-founders said on Monday.
Adding more muscle to its cloud operations portfolio, IBM is acquiring hosted NoSQL database provider Cloudant.
Qualcomm and Cisco Systems have started developing small cells customized for enterprises, which will be able to use the products to improve indoor wireless network coverage for their employees.
RETIRED: IBM Java Multiple Unspecified Security Bypass Vulnerabilities
PostgreSQL CVE-2014-0064 Multiple Remote Buffer Overflow Vulnerabilities
PostgreSQL CVE-2014-0065 Remote Stack Buffer Overflow Vulnerability
PostgreSQL CVE-2014-0060 Security Bypass Vulnerability
WiFiles HD v1.3 iOS - File Include Web Vulnerability

PacketSled CEO to Present at AGC's 10th Annual West Coast InfoSec and ...
PR Newswire (press release)
SAN FRANCISCO, Feb. 24, 2014 /PRNewswire/ -- PacketSled, the leading innovator in real-time Security Intelligence and Analytics for advanced targeted attacks, will be presenting at America's Growth Capital (AGC) Tenth Annual West Coast InfoSec and ...

and more »
Will Microsoft hold on to Nokia's three new X phones on Android once the deal to buy Nokia is final in the coming weeks? Three analysts attending the Mobile World Congress gave three different perspectives.
More and more for Windows users, there's no OS like an old OS.
SanDisk today released what itsaid is the world's first 128GB microSD card, capable of storing up to 24 hours of high-definition video on an object smaller than your fingernail.
LinuxSecurity.com: A heap-based buffer overflow in TCPTrack might allow a remote attacker to execute arbitrary code.
LinuxSecurity.com: Multiple vulnerabilities have been found in libTIFF, allowing remote attackers to execute arbitrary code or cause Denial of Service.
LinuxSecurity.com: Multiple vulnerabilities have been found in KVIrc, the worst of which allows remote attackers to execute arbitrary code.
LinuxSecurity.com: A vulnerability has been discovered and corrected in phpmyadmin: Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action [More...]
LinuxSecurity.com: An updated Adobe Flash Player package that fixes three security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having Critical [More...]
LinuxSecurity.com: Several security issues were fixed in PostgreSQL.
LinuxSecurity.com: Several vulnerabilities were discovered in otrs2, the Open Ticket Request System. The Common Vulnerabilities and Exposures project identifies the following problems: [More...]
LinuxSecurity.com: Suman Jana reported that GnuTLS, deviating from the documented behavior, considers a version 1 intermediate certificate as a CA certificate by default. [More...]
LinuxSecurity.com: Multiple vulnerabilities have been found in libssh, allowing attackers to execute arbitrary code or cause Denial of Service.
LinuxSecurity.com: A vulnerability in OpenSSL's handling of TLS handshakes could result in a Denial of Service condition.
LinuxSecurity.com: Multiple vulnerabilities have been discovered in GnuPG and Libgcrypt, which may result in execution of arbitrary code, Denial of Service, or the disclosure of private keys.
LinuxSecurity.com: Multiple vulnerabilities have been found in libXfont, the worst of which allow for local privilege escalation.
[CISTI'2014]: Iberian Conference on IST; Barcelona; Deadline: February 28
[SECURITY] [DSA 2866-1] gnutls26 security update
Barracuda Networks Bug Bounty #35 - Persistent Web Vulnerability
[SECURITY] [DSA 2867-1] otrs2 security update
APPLE-SA-2014-02-21-3 Apple TV 6.0.2
APPLE-SA-2014-02-21-2 iOS 7.0.6
APPLE-SA-2014-02-21-1 iOS 6.1.6
[ MDVSA-2014:047 ] postgresql
44CON 2014 September 11th - 12th CFP Open
CVE-2014-1223 - Cross-site Scripting in Telligent Evolution
Google has removed the option that let Chrome users restore an older version of the new tab page, closing that loophole and showing the oft-criticized scheme to everyone.
python-gnupg CVE-2014-1927 Incomplete Fix Unspecified Remote Command Injection Vulnerability

PerspecSys Wins First Annual Cyber Defense Magazine InfoSec Technologies ...
Broadway World
MCLEAN, VA and SAN FRANCISCO, CA - RSA Conference PerspecSys Inc., the leader in enterprise cloud data protection, today announced it has been selected by Cyber Defense Magazine as a 2014 winner in its InfoSec Technologies Awards for Most ...

and more »
How do you know your employees retain what you teach them in company-required security awareness training? You don't -- unless you regularly test their security savvy and effectively address their mistakes during post-test follow-up sessions.
Nokia's three new Android smartphones -- the X, X+ and XL -- could prove to be the biggest lesson for the smartphone industry at the 2014 Mobile World Congress.
If you're bad at parking your car, whether it's parallel, perpendicular, backing in or backing out, Ford says its new Focus has technology that can help.
Linux Kernel CVE-2014-2039 Local Denial of Service Vulnerability
IBM Rational Focal Point Unspecified Multiple HTML Injection Vulnerabilities
By focusing on customer needs, this IT leader helps grow the business.
A series of project successes convinced end users that they could trust this hard-charging CIO.
Collaboration and employee development are two of this IT leader's priorities.
A customer-service focus turns the business side into IT believers.
Users didn't like IT at Walter Reed, until this CIO diagnosed the problems and took action.
Streamlining business processes allows this IT leader to offer more value to customers.
Businesses must make sure their processes and IT systems adhere to the new regulations.
This IT leader found value in engaging with employees and peers inside and outside of his organization.
At many organizations, there's no longer a linear career path to a senior IT position. The trick is to not shy away from new experiences. Embrace change. Immerse yourself and get up to speed. Look at change as an opportunity to grow.
An explanation of the methodology used to select the 2014 Computerworld Premier 100 IT Leaders.
Intel has finally caught up with Apple with its new 64-bit Atom chips, which should be in Android smartphones and tablets starting as early as the second quarter this year.
Sony today announced a slim, light and waterproof Android-based Xperia Z2 tablet and two new Xperia smartphones at the launch of Mobile World Congress here.
Qualcomm has leaped ahead of Apple in 64-bit mobile chip development with its first eight-core Snapdragon 615 chip for mobile devices, which has integrated LTE and 4K video rendering capabilities.

Posted by InfoSec News on Feb 24


By Manu Kaushik
Business Today
February 22, 2014

The National Cyber Security Policy released by Indian government last year
aims to create a workforce of 500,000 cybersecurity professionals in the
next five years and build a training infrastructure through the
public-private-partnership (PPP) model. Malaysia-based Jay Bavisi,

Posted by InfoSec News on Feb 24


FEBRUARY 23, 2014

A month after Neiman Marcus revealed a hack of customer credit and debit
cards, Bloomberg Businessweek said the attackers set off the retailer's
security system about 60,000 times during their strike.

Between July and October 2013, hackers quietly collected card data via
"sophisticated, self-concealing" malware installed on...

Posted by InfoSec News on Feb 24


By Sara Peters
Dark Reading
February 19, 2014

International cyber policy and enforcement and ownership over the Internet
are all thorny topics, particularly since the Edward Snowden leaks. All of
these subjects will be tackled at the RSA Conference next week in a panel
discussion titled "Cyber Battle: The Future of Conflict."

Outdated extradition...

Posted by InfoSec News on Feb 24


By Jaikumar Vijayan
February 22, 2014

Many companies are dangerously exposed to threats like the recently
revealed Mask Advanced Persistent Threat because they don't properly
manage the Secure Shell (SSH) cryptographic keys used to authenticate
access to critical internal systems and services.

A Ponemon Institute...

Posted by InfoSec News on Feb 24


By Zack Whittaker
Security and Privacy
February 22, 2014

Apple said it will fix a bug "very soon" that allows hackers to spy on
financial, e-mail, and other personal data on computers from its Mac
desktop and notebook lineup.

The Cupertino, Calif.-based technology giant confirmed in an e-mail to
Reuters that it was aware of...
Cisco Unified Communications Manager CVE-2014-0736 Cross Site Request Forgery Vulnerability

Security has long struggled with good metrics: Dr Hugh Thompson, Blue Coat
InformationWeek India
Thompson is the Senior Vice President and Chief Security Strategist at Blue Coat Systems and was recently named as one of the Top 5 Most Influential Thinks in IT Security by a popular Infosec magazine. Dr Thomson shares his view on how the current ...

and more »
Internet Storm Center Infocon Status