InfoSec News

If you get an email message telling you a hotel has erroneously charged your credit card account, be careful. The odds are that it's part of a new spam campaign that could infect your computer.
A just-published standard for using the abandoned "white spaces" between TV channels could offer wireless networking at speeds of as much as 22 Mbps over distances as great as 62 miles.
Citrix has identified a vulnerability in the XenApp and XenDesktop which could potentially be exploited by sending a well crafted packet to the XML vulnerable component. The code will run with the privileges of the service.
Citrix has posted a list of versions vulnerable to this issue with the hotfixes available here.

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
(c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.
After weeks of explosive growth, the Google+ social networking site's traffic and usage dropped last week, according to Hitwise.
F5 is making it possible to drastically reduce the complexity of configuring its Big-IP application delivery controllers when customers want to provide specific services to specific applications.
ZDI-11-243: WebKit ContentEditable Inline Style Remote Code Execution Vulnerability
MinaliC Directory Traversal and Denial of Service Vulnerabilities
Red Hat Linux Kernel VLAN Packets Handling Remote Denial of Service Vulnerability
FootBall Cms (view_table_lig.php?group) XSS Vulnerability
Dow Group (dynamic.php?id) (sub.php?solutioncat_id) (news_desc.php?id) (product.php?id) Remote SQL injection Vulnerability
The former CTO of NASA and co-founder of OpenStack unveiled a new appliance designed to make it easy for enterprises to build private clouds.
A group of 29 universities will seek ideas on how to improve broadband speeds at their campuses and surrounding communities.
Where are the users? That's what popular websites including Yahoo, Google and Facebook are asking the Internet engineering community when they are questioned about their long-range plans to deploy IPv6.
ZDI-11-239: Apple Safari Webkit FrameOwner Element Remote Code Execution Vulnerability
Fglrx 'xauth' Cookie Information Disclosure Vulnerability
ZDI-11-242: Apple Safari Rendering Object Body Detachment Remote Code Execution Vulnerability
ZDI-11-241: Webkit setAttributes attributeChanged Remote Code Execution Vulnerability
ZDI-11-240: Apple Safari Webkit SVG Marker Remote Code Execution Vulnerability
Employees enjoy using work-related mobile apps, especially on smartphones and tablets that they choose themselves, according to a new survey.
An Android app allows Google+ members to keep up with the new social networking service on their smartphones.
See stories by Ken Mingis.
Chrome Web Solutions (details.php?cat_id) (listing_more.php?id) Remote SQL injection Vulnerability
[ MDVSA-2011:121 ] samba
Redirection vulnerability in MBoard
Multiple XSS in GBook PHP guestbook
Google yesterday updated Chrome to work better in Apple's Lion OS, adding support for the operating system's default two-fingered page-swiping gesture.
The torrent of smartphones and tablets entering companies has created some interesting challenges for security managers. The new devices introduce new operating systems, new development environments and new security risks, but no new control. The scariest acronym in security might well be "BYOD," or "bring your own device." As companies develop security and mobility strategies to deal with these devices, it is worth bearing in mind the lessons learned from managing laptops. But it is also worth applying some of the new lessons from smartphones on the laptops, too!
While Google asks businesses to hold off using its new Google+ social network, rival Facebook is helping companies get onboard its site.
Cisco SA 500 Series Appliances Web Management Interface Remote Command Injection Vulnerability
Cisco SA 500 Series Appliances Web Management Interface (CVE-2011-2546) SQL Injection Vulnerability
iCube Lab (product_details.php?cat_id) Remote SQL injection Vulnerability
G2webCMS (products.php?cat_id) (member-profile.php?profile) Remote SQL injection Vulnerability
SA500 vulnerabilities - details
[ MDVSA-2011:120 ] freetype2
Reader Adam Daly regrets the Safari he's just taken. He writes:
Software that lets drivers unlock car doors and even start their vehicles using a mobile phone could let car thieves do the very same things, according to computer security researchers at iSec Partners.
Citibank unveiled a new free banking app for iPad users with a focus on giving its customers a graphically rich view of their finances.
ESA-2011-021: EMC Data Protection Advisor sensitive information disclosure vulnerability
ESA-2011-024: EMC Captiva eInput multiple vulnerabilities
[SECURITY] [DSA 2286-1] phpmyadmin security update
Almost anyone can snoop the secure data traffic of unpatched iPhones and iPads using a recently-revised tool, a researcher said today as he urged owners to apply Apple's latest iOS fix.
CA Technologies has updated a number of its programs to make their users more ready to run some operations in a cloud environment, the company announced Wednesday.
SAP has seen software sales rebound steadily after a dip during the global recession, and is hoping to supercharge its business with forays into in-memory computing, SaaS (software as a service) and mobile applications, a business it entered with last year's acquisition of Sybase.
WebKit CVE-2011-0232 Memory Corruption Remote Code Execution Vulnerability
WebKit CVE-2011-0255 Memory Corruption Remote Code Execution Vulnerability
Security researchers are expected to release new search engine hacking tools that organizations can use to determine if their sites are vulnerable to attack, or leaking information.

Add to digg Add to StumbleUpon Add to Add to Google

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Twitter (c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.
A demo at Black Hat next week will remotely hack a car alarm, unlock the doors and start the vehicle, but that's just a parlor trick to call attention to a bigger problem that has the Department of Homeland Security on alert.
Google has improved its +1 button to make it load and perform faster on Web pages that feature it.

Peer Pressure Drives Many To Acquire Security Certifications
Mike Murray, also with InfoSec Leaders and co-founder of MAD Security, said as a manager, he has never hired or promoted someone based on a certification: "I can't remember a time I've ever done that or known anyone who did that," he said. ...

and more »

Until this week, Malwarebytes went about its business of tracking and removing malware pretty quietly. But on Monday, the company went public so to speak, announcing that it recently reached 100 million downloads, completed an acquisition, expanded its operations, and is developing a version of its product for the SMB market.

Based in San Jose, Malwarebytes got its start back in 2004, when CEO Marcin Kleczynski was working as a technician at another company and saw many computers infected with malware. At the same time, his home machine became infected; after three days of scouring Web forums, he managed to get rid of the infection, and in 2006, he released a free anti-malware tool, Rogue Remover. Malwarebytes Anti-Malware was released to the public in 2008, and has since built a reputation for being able to remove malware that well-known antivirus programs failed to detect or clean up.

The company positions its behavior-based technology as complementary to antivirus software and works with many antivirus companies to ensure compatibility. It also partners with vendors such as Barracuda Networks, which packages Malwarebytes Anti-Malware with its hardware.

“We’re not designed to replace antivirus,” Kleczynski said in an interview. “We knew there was this gaping hope in antivirus technology. We don’t go after file infectors or certain threats. We go after what we think antivirus is bad at.”

Malwarebytes recently completed its acquisition of HPHosts, which provides a blacklist of malicious websites, ad servers and tracking servers. The company said the deal will help ensure that it can protect against the newest malicious IP addresses and block the Web servers used to distribute the malware.

Malwarebytes also announced that it expanded its operations into the EMEA market by hiring Fernando Francisco to lead its operations there.

The company’s roadmap includes a corporate version of its software designed for the SMB market, slated for release in three to six months. “On the enterprise side, we know there are specific needs… The need to pull up reports, manage the product in real time, and simplify deployment of our product on a large scale,” said Marcus Chung, executive vice president and COO.

Malwarebytes Anti-Malware currently is available in two versions: a free, manual one that removes malware from systems, and a fully-licensed PRO version that provides real-time malware protection. When it first started, the company’s business was 85% consumer but its corporate side has grown and today accounts for 25%, Chung said.

Add to digg Add to StumbleUpon Add to Add to Google

Phony message tricks users into logging into a bogus AdWords account to “reactivate” a Google AdWords campaign.

A new phishing attack targeting users of Google AdWords has surfaced in a variety of spam emails, according to security vendor Sophos.

Users of the AdWords service may be easily tricked by a phony email message purportedly from Google warning that their AdWords campaign has been suspended. If the user is tricked into clicking a link, the person is forwarded to a phony Google AdWords page and prompted to log into their account. Attempting to log in on the phony page immediately exposes the victim’s account credentials, according to Sophos’ Graham Cluley.

“It’s a realistic replica of the main Google AdWords page, created with some care in an attempt to phish your credentials off you. And don’t forget, your same username and password will be not just used by Google AdWords, but also Gmail, Google Docs, Google+ and so forth.”

We’ve heard that account credentials have been growing in value to cybercriminals, while at the same time credit card information, which has flooded the black market, has declined in value. Microsoft’s Security Intelligence Report, issued in May documents the trend. In 2010, according to Microsoft, phishing impressions from social networks – a single instance of a user attempting to visit a known phishing site – increased from a low of 8.3% of all impressions in January 2010 to a high of 84.5% of impressions in December.

As people put more of their daily lives on social networks and in other public forums, phishers may be gaining the upper hand. Cisco Systems Inc. recently documented an increase in Spear Phishing attacks. Those attacks target a subset of users at an organization or individuals with very specific and convincing phishing messages. Cisco said spear phishing netted cybercriminals $150 million in June by its estimate.

Symantec’s most recent Intelligence Report (PDF), which gathered statistics in found that in July phishing activity was detected in one in every 319 emails. The number of phishing websites decreased by 6.76% in July. The numbers are typically cyclical depending on the time of year with spam and phishing increasing during peak shopping seasons.

Add to digg Add to StumbleUpon Add to Add to Google
India's HCL Technologies has been questioned by the U.K. Parliament's Home Affairs Committee inquiring into a phone-hacking scandal, following allegations in Parliament that the outsourcer was involved in destroying data on behalf of News International.
D-Bus Message Byte Order Denial of Service Vulnerability
In an attempt to get away from paying for high-priced email administrators, the city of Pittsburgh is looking to save money and move to the cutting edge with a migration to Google Apps.
The world is an unsettled place for business travelers these days. Here's how IT managers prep workers before they leave home to better cope with surprises abroad.
The first smartphone based on the new Mango edition of Microsoft's Windows Phone platform was unveiled on Wednesday in Tokyo.
SAP is planning to connect its analytics software with Google's Maps and Earth software, allowing users to mine insights from plotting business data against locations around the world.
Apple's new OS for the App Store era borrows iPad usability tweaks while delivering key new features for businesses and professionals

Tell device-hungry staff to BYO
SC Magazine Australia
Staff are happier and more productive using their own devices, but infosec managers must balance security with flexibility. The last six months has taught us that the consumerisation of IT continues to be the ...

Internet Storm Center Infocon Status