Hackin9
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Chinese search giant Baidu reported a 34 percent jump in profit for the second quarter, with mobile ad sales accounting for almost a third of revenue for the first time.
 
The expected boom in demand for small, often isolated devices in the Internet of Things is driving developers to craft new types of components.
 
IBM WebSphere DataPower XC10 Appliance CVE-2013-5403 Unauthorized Access Vulnerability
 
Hydraulic actuators, battery stacks, biochemical systems and disease propagation are but a few things that now can be modeled more easily, thanks to a number of libraries and a library store that Wolfram Research has created for a new edition of its SystemModeler software package.
 
At least one model of Samsung's most advanced Pro-series SSD became available on Newegg on Thursday, and the website said it's taking pre-orders for other models that will be available by the end of the month.
 
A State Department database crash has delayed the issuing of passports and visas worldwide.
 
The first third-party chips and servers licensed to use IBM's Power architecture will be on the market early next year.
 
In the U.S. alone, nearly $2 billion worth of Apple devices -- Macs, iPhones, iPads and iPods -- were sold on eBay over the past 12 months.
 
HP Network Virtualization CVE-2014-2626 Security Vulnerability
 
Jinja2 Incomplete Fix Insecure File Permissions Vulnerability
 
California is moving its IT services to a cloud, on-demand, subscription-based service that state officials believe may meet as much as 80% of its computing needs.
 
This week, wearable technology vendors, evangelists, executives and experts of all ilk gathered in New York City's Hell's Kitchen neighborhood, at the Wearable Tech Expo, to convene and talk about today's hottest wearables.
 
Microsoft Internet Explorer CVE-2014-2803 Remote Memory Corruption Vulnerability
 
HP Network Virtualization CVE-2014-2625 Security Vulnerability
 
Microsoft Internet Explorer CVE-2014-2802 Remote Memory Corruption Vulnerability
 
The Social Security Administration has spent nearly US$300 million on a software system for processing disability claims that still isn't finished and has delivered limited useful functionality, according to an independent report on the project.
 
Google, Microsoft and Yahoo are meeting with European data protection authorities Thursday to discuss how to implement a recent ruling that gives people the right to have personal information excluded from search results.
 
Apple today released the public beta of OS X Yosemite, giving nondevelopers their first chance to preview an upcoming Mac operating system in 14 years.
 
Hewlett-Packard is betting $50 million that its customers will find value in the Hadoop data processing platform by investing in Hadoop distributor Hortonworks.
 
Apple's grip on the tablet is loosening, with the iPad losing ground during the second quarter this year to Android and Windows tablets.
 
A critical vulnerability found recently in a popular newsletter plug-in for WordPress is actively being targeted by hackers and was used to compromise an estimated 50,000 sites so far.
 
[slackware-security] httpd (SSA:2014-204-01)
 
Barracuda Networks Firewall 6.1.2 #36 - Filter Bypass & Exception Handling Vulnerability + PoC Video BNSEC-2398
 
[slackware-security] mozilla-thunderbird (SSA:2014-204-03)
 
[slackware-security] mozilla-firefox (SSA:2014-204-02)
 
[security bulletin] HPSBMU03076 rev.1 - HP Systems Insight Manager (SIM) on Linux and Windows running OpenSSL, Multiple Vulnerabilities
 
[SECURITY] [DSA 2987-1] openjdk-7 security update
 
[SECURITY] [DSA 2986-1] iceweasel security update
 
Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
 
You know those cat pictures you keep sharing on social media sites? They may reveal more about you than your love of felines.
 
LinuxSecurity.com: New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues. [More Info...]
 
LinuxSecurity.com: New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. [More Info...]
 
LinuxSecurity.com: New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues. [More Info...]
 
LinuxSecurity.com: Several security issues were fixed in Apache HTTP Server.
 
LinuxSecurity.com: Several security issues were fixed in Oxide.
 
LinuxSecurity.com: Security Report Summary
 
 
LinuxSecurity.com: Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having [More...]
 
LinuxSecurity.com: Updated qemu-kvm packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate [More...]
 
LinuxSecurity.com: Updated kernel packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having [More...]
 
LinuxSecurity.com: Updated kernel packages that fix two security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having [More...]
 
LinuxSecurity.com: Updated kernel packages that fix two security issues are now available for Red Hat Enterprise Linux 6.4 Extended Update Support. The Red Hat Security Response Team has rated this update as having [More...]
 
Hackers have stolen user contact information, including email addresses and phone numbers, from the website of the European Central Bank and attempted to extort money from the institution.
 
Lenovo showed off a smart glasses prototype on Thursday, part of a push to attract developers and other hardware manufacturers to a new partner program.
 
Salesforce.com is combining its Pardot marketing software, sales automation application and social communities platform into a new product called Sales Reach, which it says can help salespeople nurture leads and make deals in real time.
 
Huawei E355 CVE-2014-2968 HTML Injection Vulnerability
 
The G3 has boosted LG's smartphone shipments to record levels and helped reverse three quarters of losses at its phone division, the electronics giant said Thursday.
 
EBay faces a class action suit in a U.S. federal court over a security breach earlier this year.
 
Apple announced it sold 13.3 million iPads in the second quarter, a year-over-year drop of 9%, the second straight quarter of declining numbers, and blamed a slowdown in developed markets.
 
The truth, when it comes to computer employment data, is almost always ugly.
 
Twitter disclosed the gender and ethnicity breakdown of its employees on Wednesday, less than a week after U.S. civil rights leader Rev. Jesse Jackson called on the company to release its employee diversity information.
 
Nokia's new low-cost Lumia 635 smartphone makes some unfortunate hardware compromises, but on the plus side it comes with the excellent Windows Phone 8.1.
 

Posted by InfoSec News on Jul 24

http://www.computerworld.com/s/article/9249939/Firm_says_vulnerability_in_Tails_contained_in_I2P_component

By Jeremy Kirk
IDG News Service
July 23, 2014

A vulnerability broker published a video demonstrating one of several
flaws it has found in the privacy-focused Tails operating system, which is
used by those seeking to make their Web browser harder to trace.

Exodus Intelligence of Austin, Texas, said its short clip shows how the
real IP...
 

Posted by InfoSec News on Jul 24

http://www.bloomberg.com/news/2014-07-23/the-barnaby-jack-few-knew-celebrated-hacker-saw-spotlight-as-necessary-evil-.html

By Jordan Robertson
Bloomberg.com
July 23, 2014

When celebrated computer hacker Barnaby Jack died suddenly a year ago at
the age of 35, headlines around the world touted the Steve Jobs-style
pizazz he brought to cyber-security conferences and his show-stopping
stunts such as breaking into ATMs and pacemakers. In hacker...
 

Posted by InfoSec News on Jul 24

http://www.computing.co.uk/ctg/news/2356805/wall-street-journal-computers-taken-offline-after-cyber-attack

By Danny Palmer
Computing.co.uk
7/23/2014

Computers at The Wall Street Journal were taken offline after it was
discovered hackers had infiltrated networks at the brand, its publisher
Dow Jones & Co has said.

The computer systems, which contained Wall Street Journal's news graphics,
were hacked by an outside party and have been...
 

Posted by InfoSec News on Jul 24

http://www.darkreading.com/attacks-breaches/ram-scraper-malware-why-pci-dss-cant-fix-retail/a/d-id/1297501

By Brian Riley
Dark Reading
7/23/2014

There is a gaping hole in the pre-eminent industry security standard aimed
at protecting customers, credit card and personal data

Target, Neiman Marcus, Michael’s, and possibly P.F. Chang’s all have one
thing in common: They are recent victims of a type of malware called a RAM
scraper that...
 

Posted by InfoSec News on Jul 24

http://www.forbes.com/sites/katevinton/2014/07/23/seven-arrested-for-fleecing-stubhub-for-1-6-million-in-tickets/

By Kate Vinton
Forbes Staff
7/23/2014

Seven alleged cyber criminals have been arrested as part of an
international cybercrime ring that hacked StubHub and laundered upwards of
$1.6 million dollars, the New York D.A.’s Office announced Tuesday. Two
of the alleged criminals were arraigned in New York today, with bail set
at $2...
 
Google Chrome CVE-2014-3154 Use After Free Remote Code Execution Vulnerability
 
Google Chrome CVE-2014-3803 Information Disclosure Vulnerability
 
Google Chrome Prior to 36.0.1985.122 Multiple Security Vulnerabilities
 
Google Chrome CVE-2014-1741 Integer Overflow Vulnerability
 
Google Chrome CVE-2014-3157 Heap Based Buffer Overflow Vulnerability
 

One of the nicer features Microsoft added in Windows Vista is the ability to recover previous versions of files and folders. It is built on the Volume Shadow Copy Service (VSS), which takes point-in-time snapshots of a volume and keeps the old contents of blocks that change afterwards. Most users “virtually meet” this service when they install new software and a restore point is created, which lets them revert the operating system to its original state if something goes wrong.

However, the “Previous Versions” feature can be just as handy when other mistakes or incidents happen. For example, if a user deleted a file in a folder and “Previous Versions” is active, restoring it is as simple as opening the Properties dialog of the drive or folder that contained the file and selecting the Previous Versions tab. The user can then browse through the earlier versions and copy the deleted file back out, as shown in the figure below:


Previous Versions tab

You can see in the figure above that there are actually multiple versions of the Desktop folder that were saved by the “Previous Versions” feature. A user can now simply click on any version he/she desires and browse through previous files.

How can this help against Cryptolocker and similar ransomware? When such ransomware infects a machine, it typically encrypts all document files such as Word and PDF files or pictures (JPG, PNG, ...). If “Previous Versions” is running, an unencrypted copy of a file may still sit in a snapshot. Whether that is the case depends on when the last snapshot was taken (System Protection creates them on a schedule, normally once a day, and installers create restore points) and on how much disk space is reserved for shadow storage, since VSS silently discards the oldest snapshots when that space runs out. So you just might be lucky enough that *some* of the encrypted files are available in “Previous Versions”. Do not count on it, though: many ransomware families delete all shadow copies (typically by running vssadmin delete shadows) before or while they encrypt, precisely because of this feature, so “Previous Versions” is no replacement for offline backups.
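The recovery described above can be done without the Explorer tab at all, which matters when the desktop itself is compromised or you want to pull every surviving version of a file at once. The following is an added example written for this page, not code from the ISC diary or from Microsoft: it enumerates the VSS snapshots of a volume through the Win32_ShadowCopy class (the same data vssadmin list shadows prints), exposes each snapshot through a temporary directory symlink and copies out each version of one file. The drive, the file path and the recovery directory are assumed values for the example.

```powershell
# Added example, not code from the ISC diary: list the VSS snapshots of a volume
# and copy every available earlier version of one file out of them, oldest
# snapshot first. Run from an elevated PowerShell (Windows 7 / Server 2008 R2 or
# later). $Relative and $RestoreDir are assumed, made-up values for this example.

$Drive      = 'C:'
$Relative   = 'Users\alice\Documents\report.docx'   # path below the volume root (assumption)
$RestoreDir = 'C:\Recovered'                        # recovered copies go here (assumption)

# Win32_ShadowCopy is the WMI/CIM class behind "vssadmin list shadows". Its VolumeName
# is the volume GUID path, the same string Win32_Volume.DeviceID reports.
$volumeId  = (Get-CimInstance Win32_Volume -Filter "DriveLetter='$Drive'").DeviceID
$snapshots = Get-CimInstance Win32_ShadowCopy |
    Where-Object { $_.VolumeName -eq $volumeId } |
    Sort-Object InstallDate

if (-not $snapshots) {
    Write-Warning "No shadow copies exist for $Drive; nothing can be recovered from VSS."
    return
}

New-Item -ItemType Directory -Path $RestoreDir -Force | Out-Null

foreach ($snap in $snapshots) {
    # DeviceObject is \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopyN. A directory
    # symlink to it (trailing backslash required) exposes the snapshot as a normal tree.
    $link = Join-Path $env:TEMP ('vss_' + $snap.ID.Trim('{}'))
    cmd /c "mklink /d `"$link`" `"$($snap.DeviceObject)\`"" | Out-Null

    # Name each copy after the snapshot time in UTC, the same form that appears as
    # @GMT-yyyy.MM.dd-HH.mm.ss in SMB "previous versions" paths.
    $stamp = $snap.InstallDate.ToUniversalTime().ToString('yyyy.MM.dd-HH.mm.ss')
    try {
        $source = Join-Path $link $Relative
        if (Test-Path -LiteralPath $source) {
            $dest = Join-Path $RestoreDir ("$stamp-" + (Split-Path $Relative -Leaf))
            Copy-Item -LiteralPath $source -Destination $dest
            Write-Output "snapshot $stamp : recovered $dest"
        } else {
            Write-Output "snapshot $stamp : file not present in this snapshot"
        }
    } finally {
        # rmdir on a directory symlink removes only the link, never the snapshot data.
        cmd /c "rmdir `"$link`"" | Out-Null
    }
}
```

Every version is written out rather than just the newest, because with ransomware the newest snapshot may already contain the encrypted file; compare the recovered copies and keep the last one that opens cleanly. If the script reports no shadow copies on a machine that had System Protection enabled, treat that as evidence that the malware removed them.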

Monitoring “Previous Versions” activities

As we can see, restoring previous versions of files with this feature is very simple. This is one of the reasons why I see many companies enabling it on file shares: it is very handy when a user accidentally deletes a file.

However, there are security implications too. A user can restore a file that was deleted and that you thought was gone. The user still needs access rights to that file; if the ACL did not grant access, the previous version cannot be read either. But ACLs are typically set by an administrator on a directory and inherited by everything below it, so anyone with access to the directory can pull back a file that was thought to be deleted. Note also that a snapshot preserves the security descriptors as they were at snapshot time, so tightening the permissions on the live file does not retroactively protect its earlier versions.

This cannot be prevented (other than by changing ACLs or deleting the snapshots themselves, of course), so all we can do is try to monitor file restoration activity. Unfortunately, Windows is pretty (very?) limited here. The best you can do is enable Object Access auditing to see file accesses and then look at what a particular user accessed. That being said, I have not been able to reliably produce log entries that tell me exactly which version the user accessed; in some cases Windows created a log entry such as the following:

Share Information:
                Share Name:                    \\*\TEST
                Share Path:                    \??\C:\TEST
                Relative Target Name:          @GMT-2014.07.02-11.56.38\eula.1028.txt

This is event 5145 (“A network share object was checked to see whether client can be granted desired access”). The Relative Target Name shows which snapshot was accessed (the @GMT-... token is the snapshot time in UTC), but, as I said, I was not able to get this event generated consistently. Note that 5145 comes from the Detailed File Share audit subcategory and is logged only for access through a network share, so it will not show previous versions opened on a local volume.
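Where the event is generated, the @GMT token makes it possible to tell snapshot access apart from ordinary share access without reading every record by hand. The following is an added example for this page, not code from the ISC diary: it enables the audit subcategory that emits 5145, pulls the records from the Security log, parses the EventData fields out of the event XML and keeps only those whose relative target path starts with a snapshot token, reporting who opened which snapshot of which share. It assumes it is run elevated on the file server hosting the share.

```powershell
# Added example, not code from the ISC diary: enable the audit subcategory that
# emits event 5145 and report which users opened which snapshot of a share via
# "Previous Versions". Run from an elevated PowerShell on the file server.

# 1. Event 5145 belongs to Object Access -> "Detailed File Share". Enabling only the
#    "File Share" subcategory (event 5140, one record per share connection) is not enough.
auditpol /set /subcategory:"Detailed File Share" /success:enable /failure:enable

# 2. Collect 5145 records. -FilterHashtable is far cheaper than piping Get-WinEvent
#    through Where-Object on a busy server.
$records = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5145 } -ErrorAction SilentlyContinue

function Convert-EventData {
    # Turn the <EventData><Data Name="..."> elements of a record into a hashtable.
    param([System.Diagnostics.Eventing.Reader.EventLogRecord]$Record)
    $fields = @{}
    foreach ($node in ([xml]$Record.ToXml()).Event.EventData.Data) {
        $fields[$node.Name] = $node.'#text'
    }
    return $fields
}

# 3. SMB "Previous Versions" access names the snapshot in the relative path:
#    @GMT-yyyy.MM.dd-HH.mm.ss\<path below the share>. Anything else is live access.
$snapshotPath = '^@GMT-(\d{4}\.\d{2}\.\d{2}-\d{2}\.\d{2}\.\d{2})\\(.+)$'

$hits = foreach ($r in $records) {
    $d = Convert-EventData $r
    if ($d.RelativeTargetName -match $snapshotPath) {
        [pscustomobject]@{
            Time       = $r.TimeCreated
            User       = "$($d.SubjectDomainName)\$($d.SubjectUserName)"
            ClientIP   = $d.IpAddress
            Share      = $d.ShareName
            # The token is UTC; mark it as such so it compares correctly with local times.
            Snapshot   = [datetime]::SpecifyKind(
                             [datetime]::ParseExact($Matches[1], 'yyyy.MM.dd-HH.mm.ss', $null), 'Utc')
            File       = $Matches[2]
            AccessMask = $d.AccessMask
        }
    }
}

$hits | Sort-Object Time | Format-Table Time, User, ClientIP, Share, Snapshot, File, AccessMask -AutoSize

# Who is digging through old snapshots the most?
$hits | Group-Object User | Sort-Object Count -Descending | Select-Object Count, Name
```

On a share with many users this subcategory is noisy, since every file open over SMB produces a 5145; forward the records to a central log store and apply the @GMT filter there rather than keeping the full volume on the server. A user who appears against several different snapshot timestamps in a short period is browsing history rather than recovering one mistake, which is the pattern worth a second look.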

Conclusion

The “Previous Versions” feature is very handy when you need to restore a file that was accidentally deleted or modified, and it can sometimes even help after a bigger incident such as a ransomware infection. Use it if you need it, but be aware of the security implications, in particular that it silently preserves deleted files and the earlier versions of modified ones.

Finally, Microsoft changed this feature in Windows 8. The “Previous Versions” tab no longer appears in Explorer for local volumes (it is still shown for files accessed over a network share). For local files Windows 8 uses a feature called “File History”. It has to be set up manually and needs an external drive or a network location to hold the copies. This is definitely better in one respect: if your main disk dies you can restore from the external one, but keep in mind that it needs to be set up manually. Finally, if you use EFS to encrypt files, “File History” will not back them up.

--
Bojan
bojanz on Twitter

INFIGO IS

 