InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
BCA, otherwise known as Bangladesh Cyber Army, has been on a defacing spree this week, leaving over 1100 websites defaced. Most of the sites are still defaced at the time of publishing.

The 4G network standards approved last week by the ITU may improve the mobile data experience soon, even if consumers don't actually see the 100M bps mobile speed for which they were designed.
xdev from @b4lc4nh4ck has hacked and leaked a bunch of accounts from sellpal.co.uk, which is an online sales store. The leak contains 2,500 of the claimed 9,000 accounts, with word of more to come soon.

Source code theft from Symantec's systems in 2006 places pcAnywhere software at risk of being attacked. Company says software is bundled with many of its products.

Gibbs follows up on last week's column on the Lantronix xPrintServer and looks at Twine, a wireless sensor device that got funded on Kickstarter.
SAP plans to roll out support for the ERP module within its flagship Business Suite product family on the HANA in-memory database platform in the fourth quarter of this year, executive board member and technology chief Vishal Sikka said in an interview Wednesday.
Though wariness about the perceived lack of security in cloud-based services is often voiced, there are some situations where the opposite is the case. Some businesses mindful of security say the cloud services that are important to them have done a lot of work to meet their expectations about security.
Data protection and online privacy rules proposed for the European Union could hinder the development of new Web-based business models and bog down companies with regulations, some U.S. critics said Wednesday.
Symantec released a patch for pcAnywhere products that fixes a couple of vulnerabilities, among which the most dangerous one allows remote code execution. You can see Symantec's advisory here.
Now, for the last couple of weeks there have been a lot of rumors about source code of several Symantec products that got stolen by as yet unknown hackers. Besides a post that listed file names, nothing else has been released in public yet, as far as we know.
However, Symantec also released a document (available here) that details security recommendations for pcAnywhere users. It is obvious that Symantec is aware of how critical the published vulnerabilities are. It makes us wonder whether there has already been active exploitation of the published vulnerabilities, or whether Symantec is just being extra careful.
We'll keep an eye on this, and if you are a pcAnywhere user, PATCH NOW.
And a short update: according to DShield data it appears that someone started scanning around for services on port 5631 (pcAnywhere). While the number of sources is still relatively low (indicating a single scanner, or a small number of them), the number of targets is pretty high. See for yourself here.
Update 2

Just further to the information Bojan has already provided. Keep in mind that pcAnywhere is part of a number of Symantec products including backup, security and of course it is part of the Altiris management suite. - MH



INFIGO IS
Like taxes and death, it's virtually inevitable that you will fill up your hard drive. In decades gone by, that might mean scrutinizing the data stored there and figuring out what to throw overboard to free up space. But, storage is relatively cheap, and there are a variety of options available to extend your storage capacity.
HP announced on Wednesday that it plans to release the code behind webOS in September under the Apache License, Version 2.0.
SAP NetWeaver Multiple Remote Vulnerabilities
A security-related company that until late December employed the Russian developer who allegedly created the Kelihos botnet said today it was 'extremely disappointed and angered' at the revelation.
Motorola filed a new lawsuit in Florida charging Apple with infringing six patents in the iPhone 4S and four of those patents in iCloud.
Radiation from the largest solar flare in more than six years shouldn't adversely affect communications or technology for most people on earth, experts say.
All companies storing personal data on Massachusetts residents have until March 1 to ensure that their contractors, suppliers, technology providers and other third parties comply with a new provision of the state's data breach law.
Mozy released the beta of a new file synchronization service called Stash, which allows photos, videos or documents to be uploaded automatically to the cloud and shared across any device.
@b4lc3nh4ck has hacked Harvard and dumped a small amount of personal details online. The details are usernames, phones and emails.

ZDI-12-018 : Symantec PCAnywhere awhost32 Remote Code Execution Vulnerability
Microsoft has named a Russian programmer as the one who wrote the malicious Kelihos code used to create a small botnet that peddled spam and child pornography.

Newly appointed Epsilon CISO Chris Ray said he will take a step back and get a better understanding of the business before trying to address gaps.

Apple sold more iPad tablets last quarter than any single PC maker sold personal computers.
IT professionals believe that assessing the potential harm caused by data breaches is more useful to mitigating the effects of such incidents than notifying affected individuals, according to a survey published on the day the European Union proposed a 24-hour deadline for data breach disclosures.
Internet users in the European Union will benefit from greater control over their personal data if new proposals to reform the Data Protection Directive are implemented.
0xOmar has come back and dumped another huge amount of accounts from claimed Israelis. We can confirm the leak contains a massive amount of data, but we are still working on getting full details and validating it all.

SEPO aka @anon_4freedom has been on a spree of attacking banking and financial related websites; this time they have targeted Commercial Bank of Ethiopia.

Bip File Descriptors Stack Buffer Overflow Vulnerability
AlienZ has been on a roll hacking websites recently and now they have dumped a huge amount of data from these websites. The attack is part of the ongoing Middle East cyber war and is partly in relation to the earlier attacks on Israeli hospitals.

Symantec pcAnywhere Host Services Remote Code Execution Vulnerability
NX Web Companion Spoofing Arbitrary Code Execution Vulnerability
Businesses of almost all types are increasingly dependent on service providers for network connectivity that consistently delivers certain performance characteristics. In addition to basic service availability, these characteristics increasingly include peak, average and minimum bandwidth utilization, latency (delay) and latency variation (jitter), and packet loss -- all of which can affect operational efficiency and end user satisfaction. This is especially the case with Ethernet-based service offerings employing packet transport to deliver E-LINE services operating at speeds up to tens of gigabits per second.
SAP said Wednesday that it had exceeded its guidance for revenue and profit in 2011, its best year in its 40-year history, and was positioned to exceed its revenue target of €20 billion (US$26 billion) in 2015.
Hannibal has leaked more information, but this time it's in the form of documents that are claimed to be from militaries, governments and others. In the first releases he did, he did warn of document leaks that would come, so I guess this must be them.

alsa7r has leaked a small amount of claimed Facebook accounts just to "prove they can leak data to", which is a bit silly.

Once again STK has dumped more data online in bulk format, with many more websites being hacked and thousands of accounts being leaked. This brings the total of sites hacked and leaked by STK to over 130 in just a short 2 weeks, which makes it one of the biggest attacks we have covered so far.

Oracle PeopleSoft CVE-2012-0080 PeopleSoft Enterprise HCM Remote Vulnerability
Oracle PeopleSoft CVE-2012-0088 PeopleSoft Enterprise HCM Remote Vulnerability
[SECURITY] [DSA-2393-1] bip security update
D-Link DIR-601 TFTP Directory Traversal Vulnerability
CSRF (Cross-Site Request Forgery) in DClassifieds
Multiple vulnerabilities in OSclass
[security bulletin] HPSBUX02719 SSRT100658 rev.4 - HP-UX Running BIND, Remote Denial of Service (DoS)
[security bulletin] HPSBUX02734 SSRT100729 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access
[security bulletin] HPSBUX02730 SSRT100710 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
TWSL2012-002: Multiple Vulnerabilities in WordPress
Tibco has added geolocation technology to its Tibbr enterprise social-networking platform, in a move that will allow companies to use physical spaces as "data hubs," or launching points for information delivery and collection.
Interview: Ryan Dahl discusses why his invention is catching fire with developers
Amazon Web Services has launched a public beta test of AWS Storage Gateway, which allows enterprises to back up application data in Amazon's cloud using a software appliance, the company said on Tuesday.
Zionops has picked up on a very sad story for hackers: DDoS attacks that disabled the systems websites that belong to hospitals in Israel. This just adds fuel to the fire that has been burning for a couple of weeks now and is turning out to be the "middle east cyber war".

Object-based storage vendor Cleversafe today unveiled a storage system that can hold 1 billion gigabytes of data under a single domain name.
New proposals for Europe's data-protection law would see companies facing fines of up to 2% of their global turnover if they breach the rules.
Nvidia lowered its revenue forecast Tuesday for the quarter ending Jan. 29, citing the impact of the hard disk drive shortage caused by the Thailand floods.
Teleconferencing vendors say they're trying to strike the right balance between security and usability after security researchers found they could dial in to the conference lines of major companies and manipulate video cameras to spy on boardrooms.
President Barack Obama Tuesday attacked offshoring, urged businesses to bring jobs back to the U.S., and renewed his appeal for visa reforms to keep foreign students from returning home after earning advanced degrees.
Soaring demand for wireless bandwidth is putting a squeeze on the wireless spectrum. Experts are divided on whether it's a temporary crunch or a full-blown crisis.
A hacker going by the name ULTRA-DJ has hacked a "meet people online" website and dumped 500 or so accounts. The leak contains usernames, emails and passwords which are encrypted.

OpMegaUpload has been taking huge pace, probably one of the faster growing operations that Anonymous hackers have carried out. So far we have neglected to follow this due to its pace and limited time.


Posted by InfoSec News on Jan 24


By Kelly Jackson Higgins
Dark Reading
Jan 24, 2012

Microsoft is continuing its legal tear against botnets: It has now named
the botnet operator of the Kelihos botnet that it helped take down last

The alleged perpetrator, Andrey N. Sabelnikov, a Russian engineer, has
been added to...

Posted by InfoSec News on Jan 24


By Lucian Constantin
IDG News Service
January 24, 2012

Linux vendors are rushing to patch a privilege escalation vulnerability
in the Linux kernel that can be exploited by local attackers to gain
root access on the system.

The vulnerability, which is identified as CVE-2012-0056, was discovered
by Jüri Aedla and...

Posted by InfoSec News on Jan 24


By Bob Brewin

SAN DIEGO -- The Navy has a compelling need for shipboard assurance
systems to maintain a secure environment, the service's top
command-and-control acquisition official told an overflow audience here
at the annual Armed Forces Communications and Electronics
Association-West conference. AFCEA is an industry group.

Last year, the Navy installed...

Posted by InfoSec News on Jan 24


[Anyone want to place some bets on the number of sites hacked
based on techniques mentioned Ankit Fadia's 'How to Unblock Everything on the

http://securityerrata.org/errata/charlatan/ankit_fadia/ -...
SEPO aka @anon_4freedom has continued to attack banks and leak data related to them. This comes after many attacks on Ghana websites, and now Endiama National Diamond Company of Angola (endiama.co.ao) has been hacked and data leaked as well.


Posted by InfoSec News on Jan 24


By Kim Zetter
Threat Level
January 24, 2012

MIAMI, Florida -- A security researcher was able to locate and map more
than 10,000 industrial control systems hooked up to the public internet,
including water and sewage plants, and found that many could be open to
easy hack attacks, due to lax security practices.

Infrastructure software vendors and critical...
In Sepo aka @anon_4freedom's mission to expose Ghana websites, another bank has been hacked and had information leaked. The bank is Ghana UT bank, which specializes in Loans, Investments, Corporate Banking, International Banking, Commercial Banking.

Sepo aka @anon_4freedom has been on a mission lately to expose all of Ghana's weak links. So far we have seen at least 5 major sites affected over the past week, including another bank, a stock market website and even a TV station.
