Hackin9
A gaping hole in Amazon.com's mobile application, now fixed, allowed hackers to have an unlimited number of attempts guessing a person's password, according to security vendor FireEye.
 
After top smartphone makers announced new products at Mobile World Congress this week, Apple's iPhone 5s remains the only 64-bit handset available. But with new chips announced at the show and 64-bit Android now ready, competitive handsets are only a few months away.
 
The INFORMS code of ethics requires analytics professionals to report unbiased answers, not just what the client wants to hear.
 
Michael White, CEO of DirecTV, describes the company's innovation culture and what he expects from his CIO.
 
Three tips for handling people who are poisoning the organization's culture.
 
Microsoft delivered the first service pack for Office 2013 on Tuesday, making good on a promise last year to ship the update in early 2014 and synchronizing its release with prior editions' initial service packs.
 
Cisco Security Advisory: Cisco Prime Infrastructure Command Execution Vulnerability
 
Barracuda Networks Bug Bounty #31 Firewall - Persistent Access Policy Vulnerability
 
Cisco Unified Communications Manager CVE-2014-0741 Local Privilege Escalation Vulnerability
 
NASA announced the discovery of 715 planets orbiting 305 stars, revealing multi-planet systems much like our own solar system.
 
Are iPhones used primarily by more mature mobile users who crave ease of use? Are Android phones more popular among the young, techie and cost-conscious? CIO.com's Tom Kaneshige has discovered there are no simple answers.
 
The head of BlackBerry's enterprise services business is plotting an aggressive launch of a new version of the company's core enterprise server later this year as BlackBerry seeks to regain some of the ground it's lost over the last few years.
 
Persistent XSS in Media File Renamer V1.7.0 wordpress plugin
 
Authentication-Bypass in CosmoShop ePRO V10.17.00 (and lower, maybe higher)
 
APPLE-SA-2014-02-25-3 QuickTime 7.7.5
 
[security bulletin] HPSBST02955 rev.1 - HP XP P9000 Performance Advisor Software, 3rd party Software Security - Apache Tomcat and Oracle Updates
 
Japan's top government spokesman said authorities are gathering information on the situation at Tokyo-based Bitcoin exchange Mt. Gox, where trading halted amid concerns that hundreds of millions of dollars worth of bitcoin are missing.
 
 
A recent threat intelligence study reports widespread security vulnerabilities in healthcare organizations, many of which went unnoticed for months. In December, a developer pulled unencrypted data from a 'certified' mobile health app in less than a minute. Why is it so hard for healthcare to get security right?
 
Arizona's tech industry is united in fighting a state bill that allows a business to deny service to gay customers for religious reasons.
 
IBM CEO Ginni Rometty took to the Mobile World Congress stage Wednesday to announce a global competition to encourage developers to create mobile consumer and business apps powered by its Watson supercomputer platform.
 
Ruby on Rails CVE-2014-0082 Denial of Service Vulnerability
 
Ruby on Rails 'NumberHelper' Module Multiple Cross Site Scripting Vulnerabilities
 
The U.S. House of Representatives has passed a bill that would allow mobile phone users to unlock their devices and switch carriers, overriding a 2013 decision by the Library of Congress to make the practice illegal.
 
Chip vendors and device makers are readying the smartphones, hotspots and cars that will let users eventually enjoy higher download speeds with LTE-Advanced.
 

Underscoring the insecurity of many online dating, job, and e-mail services, security researchers said that they have tracked almost 360 million compromised login credentials for sale in underground crime forums over the past three weeks.

The haul, which included an additional 1.25 billion records containing only e-mail addresses, came from multiple breaches, according to a statement posted Tuesday by Hold Security. The biggest single list contained 105 million details, making it among the bigger online finds, the firm told Reuters. The cache included e-mail addresses that most likely served as user names and corresponding passwords. It remains unclear what service the account credentials unlock.

Hold Security is the same firm that in October discovered the circulation of 153 million user names and passwords stolen during a massive breach of Adobe's corporate network. A month later, the security firm uncovered 42 million plaintext passwords taken during a hack on niche dating service Cupid Media.


 
[security bulletin] HPSBPI02869 SSRT100936 rev.3 - HP LaserJet MFP Printers, HP Color LaserJet MFP Printers, Certain HP LaserJet Printers, Remote Unauthorized Access to Files
 
APPLE-SA-2014-02-25-2 Safari 6.1.2 and Safari 7.0.2
 
APPLE-SA-2014-02-25-1 OS X Mavericks 10.9.2 and Security Update 2014-001
 

Brett, who alerted us earlier this month regarding the mass exploit against Linksys devices, has surfaced a current issue he's facing with ongoing NTP amplification attacks. A good US-CERT summary of the attack is here: https://www.us-cert.gov/ncas/alerts/TA14-013A. Brett indicates that:

"We are seeing massive attacks on our NTP servers, attempting to exploit the traffic amplification vulnerability reported last month. Our IPs are being probed by an address in the Netherlands, and a couple of them -- at which unpatched servers were discovered -- are being hit with about 3 million spoofed packets per hour. (We've since patched and firewalled the vulnerable servers, but the packets keep coming.) The spoofed packets are crafted so that they appear to be originating mostly from ports 53 and 80, but occasionally have other port numbers such as 3074 (XBox) and 6667 (IRC). This is a very serious attack for us, and I'd appreciate some help in alerting folks to it."

He also sent along an 8-second packet capture that I've visualized as seen below.

NTP Amplification Attack

According to Brett, folks receiving similar traffic will see numerous "monitor" (monlist) queries from spoofed source addresses and ports. His ISP is receiving roughly 3 million of these packets every hour, aimed at three IP addresses belonging to FreeBSD servers that were vulnerable in their default configuration; those servers have since been patched and firewalled. He reminds us that even after The FreeBSD Project's patch has been applied, a formerly vulnerable server still answers each query, now with a rejection packet, one per query. The patch removes the amplification, but the traffic is still reflected toward the spoofed source address, which further obscures where the attack actually originates.
Brett's ISP is also seeing probes of their IPs looking for additional vulnerable servers originating from IP address 93.174.95.119 (NL), "which may be a server controlled by the person(s) behind the attack. The probes stand out because they are reported by tcpdump as being NTPv2, while most of the other traffic is NTPv3 or NTPv4. Level3 was apparently having congestion problems yesterday and today, and this may be why."

If readers are seeing similar traffic, please provide details in comments here.

Russ McRee | @holisticinfosec
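For readers who want to check their own captures for the traffic described above, here is a small decoder and detector for NTP mode-7 "monlist" packets. This is an added example, not code from the ISC diary or from Brett; the packet bytes and addresses in it are constructed, not taken from his capture. The field layout and request codes (20 = MON_GETLIST, 42 = MON_GETLIST_1) follow ntpd's ntp_request.h; the list of "suspicious" source ports is an assumption taken from the ports Brett reported, used only as an indicator of spoofing.

```python
# Added example: decode NTP packets, flag monlist requests, and distinguish a
# vulnerable server's data reply from the 1:1 rejection a patched server sends.
from collections import defaultdict

MODE_PRIVATE = 7                              # ntpd implementation-specific (mode 7)
MONLIST_REQ_CODES = {20, 42}                  # MON_GETLIST, MON_GETLIST_1 (ntp_request.h)
# Assumption: source ports Brett saw on spoofed packets, used as a spoofing indicator.
REFLECTED_SPOOF_PORTS = {53, 80, 3074, 6667}


def parse_ntp(payload):
    """Decode the fields needed for monlist detection.
    Byte 0 of every NTP packet carries version (bits 3-5) and mode (bits 0-2);
    in mode 7, bit 7 is the response flag. Mode 7 then has byte 1 = auth/sequence,
    byte 2 = implementation, byte 3 = request code, bytes 4-5 = err(4) | items(12)."""
    if len(payload) < 4:
        raise ValueError("payload too short to be NTP")
    b0 = payload[0]
    pkt = {"version": (b0 >> 3) & 0x7, "mode": b0 & 0x7,
           "is_response": False, "req_code": None, "err": None, "items": None}
    if pkt["mode"] == MODE_PRIVATE:
        pkt["is_response"] = bool(b0 & 0x80)
        pkt["req_code"] = payload[3]
        if len(payload) >= 6:
            pkt["err"] = payload[4] >> 4
            pkt["items"] = ((payload[4] & 0x0F) << 8) | payload[5]
    return pkt


def classify(payload):
    """'monlist_request', 'monlist_data', 'monlist_reject' or 'other'."""
    p = parse_ntp(payload)
    if p["mode"] != MODE_PRIVATE or p["req_code"] not in MONLIST_REQ_CODES:
        return "other"
    if not p["is_response"]:
        return "monlist_request"
    # A patched server answers with an error code and no items: still an echo,
    # but no amplification. A vulnerable one returns monitor-list entries.
    if p["err"] and not p["items"]:
        return "monlist_reject"
    return "monlist_data"


def summarize(records):
    """records: (src_ip, src_port, dst_ip, dst_port, payload) tuples.
    Per targeted NTP server: monlist request count, distinct claimed sources,
    and how many requests used a source port typical of the spoofed traffic."""
    out = defaultdict(lambda: {"monlist_requests": 0, "sources": set(),
                               "suspicious_src_ports": 0})
    for src, sport, dst, dport, payload in records:
        if dport != 123 or classify(payload) != "monlist_request":
            continue
        s = out[dst]
        s["monlist_requests"] += 1
        s["sources"].add(src)
        if sport in REFLECTED_SPOOF_PORTS:
            s["suspicious_src_ports"] += 1
    return dict(out)


def amplification_factor(request_len, response_lens):
    """Bytes returned per byte sent for one request/response exchange."""
    return sum(response_lens) / request_len


# --- constructed sample traffic (not from Brett's capture) ---
def build_monlist_request():
    # 0x17: response=0, more=0, version 2, mode 7 (tcpdump shows this as NTPv2);
    # implementation 3 (XNTPD), request code 42 (MON_GETLIST_1).
    return bytes([0x17, 0x00, 0x03, 0x2A]) + b"\x00" * 4


def build_mode7_response(err, items, item_size):
    b0 = 0x97   # response bit set, version 2, mode 7
    hdr = bytes([b0, 0x00, 0x03, 0x2A,
                 (err << 4) | (items >> 8), items & 0xFF,
                 item_size >> 8, item_size & 0xFF])
    return hdr + b"\x00" * (items * item_size)


SAMPLE = [
    ("198.51.100.5", 53,   "192.0.2.10", 123, build_monlist_request()),
    ("198.51.100.6", 80,   "192.0.2.10", 123, build_monlist_request()),
    ("198.51.100.7", 3074, "192.0.2.10", 123, build_monlist_request()),
    ("203.0.113.9",  123,  "192.0.2.10", 123, bytes([0x1B]) + b"\x00" * 47),  # plain v3 client
    ("198.51.100.5", 53,   "192.0.2.11", 123, build_monlist_request()),
]

if __name__ == "__main__":
    for dst, s in summarize(SAMPLE).items():
        print(dst, s["monlist_requests"], len(s["sources"]), s["suspicious_src_ports"])
    print(classify(build_mode7_response(err=4, items=0, item_size=0)))
    print(classify(build_mode7_response(err=0, items=6, item_size=72)))
```

A server whose replies classify as monlist_reject has the monitor list disabled but is still reflecting one packet per spoofed query, which is the behaviour the diary describes after patching; only a noquery restriction in ntp.conf or a firewall rule on udp/123 stops the echo entirely.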

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
 

PerspecSys Wins First Annual Cyber Defense Magazine InfoSec Technologies ...
Consumer Electronics Net
MCLEAN, VA and SAN FRANCISCO, CA -- (Marketwired) -- 02/24/14 -- RSA Conference -- PerspecSys Inc., the leader in enterprise cloud data protection, today announced it has been selected by Cyber Defense Magazine as a 2014 winner in its InfoSec ...

 
Wacom has grand designs for a new graphical language that, it says, will allow input and sharing of writing movements across multiple platforms, with or without one of its trademark digital styluses.
 
Crowds at Mobile World Congress clamored to see in-car infotainment systems that will soon be connected to the Internet via wireless networks around the globe.
 
It seems there's a startup for everything these days. Sure, there are benefits from introducing new, more efficient systems to your enterprise, but there are also technical, financial and practical considerations before signing on with a startup tech company. Here are the pros and cons.
 
IBM-owned Fiberlink and BlackBerry are adding Windows Phone to the list of platforms they can manage and protect, as enterprise interest in the smartphone OS is increasing.
 
Embedthis Goahead Webserver Multiple Denial of Service Vulnerabilities
 
xdg-utils 'xdg-open' and 'xdg-email' Multiple Remote Command Execution Vulnerabilities
 
Marketing experts share their strategies for developing a successful marketing campaign in today's multichannel, mobile, social-media-driven world.
 
SAP and BMW have created a prototype that uses SAP's HANA in-memory database platform to send personalized services and offers to people as they drive around in their cars.
 
LinuxSecurity.com: Several security issues were fixed in FreeRADIUS.
 
LinuxSecurity.com: Updated postgresql84 and postgresql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having [More...]
 
LinuxSecurity.com: GnuTLS incorrectly validated certain intermediate certificates.
 
LinuxSecurity.com: An updated rubygems package that fixes one security issue is now available for Red Hat OpenShift Enterprise 2.0.2. The Red Hat Security Response Team has rated this update as having Moderate [More...]
 
LinuxSecurity.com: Updated openldap packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate [More...]
 
Apple on Tuesday made it clear that it will no longer patch OS X 10.6, aka Snow Leopard, when it again declined to offer a security update for the four-and-a-half-year-old operating system.
 
Symantec Endpoint Protection Manager CVE-2013-5014 XML External Entity Injection Vulnerability
 
Multiple Schneider Electric Products Remote Denial of Service Vulnerability
 
A company that pursues growth through buyout while ignoring the market realities that are undermining its position will just make a louder noise when it finally falls.
 
Linux Kernel 'tcp_rcv_state_process()' Function Denial of Service Vulnerability
 
A cybersecurity company said Tuesday it has obtained a list of 360 million account credentials for Web services, likely collected through multiple data breaches.
 
Kaspersky Lab has spotted malware for the Android mobile operating system employing the TOR anonymity network, a development previously only seen on Windows.
 
Reports indicated Ford is ready to leave Microsoft behind as the supplier of its in-vehicle infotainment platform and move to Blackberry's QNX OS. I own a Ford with Sync, so I can tell you why they're doing it.
 
The number of attacks exploiting a yet-to-be-patched vulnerability in Internet Explorer has increased dramatically over the past few days, indicating the exploit is no longer used just in targeted attacks against particular groups of people.
 
In the battle between enterprises and malicious hackers, the bad guys are clearly winning, judging by the sheer number of people and exhibitors at the RSA security conference going on here this week.
 
Catfish '/usr/bin/catfish' Local Privilege Escalation Vulnerability
 
Samsung announced new 32-bit Exynos chips for smartphones and tablets with six- and eight-CPU cores, but left questions hanging on when the company will launch its first 64-bit chip.
 
A diverse set of real-world Java benchmarks shows that Google is fastest, Azure is slowest, and Amazon is priciest
 
Apple had no knowledge that publishers were engaged in a conspiracy in December 2009 or at any other point, the company said in its appeal against a district court ruling which found Apple and five major U.S. publishers had conspired to fix e-book prices.
 

PacketSled CEO to Present at AGC's 10th Annual West Coast InfoSec and ...
IT Business Net
SAN FRANCISCO, Feb. 24, 2014 /PRNewswire/ -- PacketSled, the leading innovator in real-time Security Intelligence and Analytics for advanced targeted attacks, will be presenting at America's Growth Capital (AGC) Tenth Annual West Coast InfoSec and ...
 

Posted by InfoSec News on Feb 26

http://www.zdnet.com/apple-releases-os-x-10-9-2-update-patches-severe-ssl-bug-7000026765/

By Adrian Kingsley-Hughes
ZDNet News
Security
February 25, 2014

Apple has released the OS X 10.9.2 update for all Mavericks users, which,
amongst other things, patches the SSL bug in the operating system that
could allow full transparent interception of HTTPS traffic.

This vulnerability not only affected Safari, but also other installed
applications relying...
 

Posted by InfoSec News on Feb 26

http://dailycaller.com/2014/02/25/first-contagious-wifi-computer-virus-goes-airborne-spreads-like-the-common-cold/

By Giuseppe Macri
The Daily Caller
02/25/2014

Computer science researchers have demonstrated for the first time how a
digital virus can go airborne and spread via WiFi networks in populated
areas at the same pace as a human disease.

The "Chameleon" virus, designed by a University of Liverpool team, showed
a...
 

Posted by InfoSec News on Feb 26

http://www.reuters.com/article/2014/02/25/us-cybercrime-databreach-idUSBREA1O20S20140225

By Jim Finkle
Reuters
February 25, 2014

A cybersecurity firm said on Tuesday that it uncovered stolen credentials
from some 360 million accounts that are available for sale on cyber black
markets, though it is unsure where they came from or what they can be used
to access.

The discovery could represent more of a risk to consumers and companies
than...
 

Posted by InfoSec News on Feb 26

http://news.techworld.com/security/3503842/marussia-formula-1-teams-race-testing-disrupted-by-trojan-malware/

By John E Dunn
Techworld
25 February 2014

The Marussia Formula 1 racing team has admitted losing an entire day’s
race testing in Bahrain last week after the computer systems used for
in-car telemetry were disrupted by Trojan malware.

The UK-based Russian-sponsored team didn’t specify which Trojan caused the
problems nor why it...
 
PostgreSQL CVE-2014-0066 Remote Denial Of Service Vulnerability
 
Apple Mac OS X CVE-2013-1032 Memory Corruption Vulnerability
 