Information Security News
Reader Kevin wrote in to alert us of an interesting discovery regarding Sendori. Kevin stated that two of his clients were treated to malware via the auto-update system for Sendori. In particular, they had grabbed Sendori-Client-Win32/2.0.15 from 184.108.40.206, an IP that lookup results do indeed attribute to Sendori. Sendori's reputation is already a bit sketchy; search results for Sendori give immediate pause, but this download in particular goes beyond the pale. Given the claim that "As of October 2012, Sendori has over 1,000,000 active users", this download is alarming and indicates that something else is likely afoot with Sendori's site and/or updater process.
Gartner's vision of infosec 2019: four scenarios, all bad
Will it be the total surveillance society and internet licenses? A breakdown of authority, with e-militias fighting extreme anarcho-hactivists? Or one of the other two? Global research and advisory firms are meant to give you the big picture. That's ...
Researchers have made it easier to exploit a five-month-old security flaw that allows penetration testers and less-ethical hackers to gain nearly unfettered "root" access to Macs over which they already have limited control.
The authentication bypass vulnerability was reported in March and resides in a Unix component known as sudo. While the program is designed to require a password before granting "super user" privileges such as access to other users' files, the bug makes it possible to obtain that sensitive access by resetting the computer clock to January 1, 1970. That date is known in computing circles as the Unix epoch, and it represents the beginning of time as measured by the operating system and most of the applications that run on it. By invoking the sudo command and then resetting the date, computers can be tricked into turning over root privileges without a password.
Developers of Metasploit, an open-source software framework that streamlines the exploitation of vulnerabilities in a wide array of operating systems and applications, recently added a module that makes it easier to exploit the sudo vulnerability on Macs. The addition capitalizes on the fact that all versions of OS X from 10.7 through the current 10.8.4 remain vulnerable. While the bug also affected many Linux distributions, most of those require a root password to change the computer clock. Macs impose no such restrictions on clock changes thanks to the systemsetup binary.
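To make the mechanism described above concrete from the defender's side, here is a simplified model of a sudo-style credential-timestamp check. This is an added illustration written for this page, not sudo's source code or the Metasploit module; the timeout value, the use of an epoch-dated ticket to mean "no cached credential", and the function names are assumptions of the model. It shows why an age-only comparison passes once the clock is rolled back to the epoch, and what a hardened check has to do differently (reject epoch-dated tickets and tickets that sit in the future relative to the current clock).

```python
# Simplified model of a sudo-style credential-timestamp check.
# Constructed for illustration; not sudo's actual implementation.
#
# sudo caches a successful password entry by recording a timestamp and then
# accepts further invocations without a password while that timestamp is
# within a grace period. In this model a cleared ticket is represented by a
# timestamp of 0 (the Unix epoch), which is an assumption of the model.

UNIX_EPOCH = 0            # 1970-01-01T00:00:00Z as a Unix time
DEFAULT_TIMEOUT = 15 * 60  # assumed grace period in seconds


def vulnerable_check(ticket_mtime: int, now: int,
                     timeout: int = DEFAULT_TIMEOUT) -> bool:
    """Accept the cached ticket if it is not older than `timeout`.

    This only compares age. If the system clock can be set back to the epoch
    by an unprivileged user, `now - 0 < timeout` holds and a *cleared* ticket
    is accepted without a password.
    """
    return now - ticket_mtime < timeout


def hardened_check(ticket_mtime: int, now: int,
                   timeout: int = DEFAULT_TIMEOUT) -> bool:
    """Same check with two extra rules:

    1. A ticket dated at (or before) the epoch is never valid; it can only
       mean "no cached credential".
    2. A ticket that lies in the future relative to `now` means the clock was
       rolled back after the ticket was written; treat it as invalid rather
       than as freshly issued.
    """
    if ticket_mtime <= UNIX_EPOCH:
        return False
    age = now - ticket_mtime
    if age < 0:
        return False
    return age < timeout


def clock_rollback_scenario() -> dict:
    """Compare both checks when the clock has been reset to the epoch.

    Returns a dict so the outcome can be inspected programmatically.
    """
    cleared_ticket = UNIX_EPOCH   # ticket was cleared, e.g. after a timeout
    clock_now = UNIX_EPOCH        # system clock has been set to 1970-01-01
    return {
        "vulnerable_grants_root": vulnerable_check(cleared_ticket, clock_now),
        "hardened_grants_root": hardened_check(cleared_ticket, clock_now),
    }


if __name__ == "__main__":
    print(clock_rollback_scenario())
```

The model also makes the detection angle clear: the only way the cleared ticket becomes "fresh" is a wall-clock jump backwards of decades, so logging and alerting on large clock changes on endpoints (and on invocations of clock-setting tools by non-administrators) catches this class of abuse independently of the sudo fix.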
Last month Microsoft patched a pretty nasty vulnerability in DirectShow. Microsoft DirectShow is an API that comes with Windows and that allows applications to display all sorts of graphics files as well as to play streaming media.
The MS13-056 vulnerability was privately reported to Microsoft – it is a remote code execution vulnerability that allows an attacker to craft a malicious GIF file which will exploit the vulnerability. Since the vulnerability allows the attacker to overwrite arbitrary memory it can lead to remote code execution.
It is clear that this is a very serious vulnerability. Initially there were no public exploits; however, after the patch was released, a proof-of-concept GIF image that triggers the vulnerability was published.
All Windows versions are affected (Windows XP/Vista/7/8), so make sure that you have patched your systems against it if you haven't already – the vulnerability can, in theory, easily be turned into a drive-by exploit.
Now, one of our readers, Sean, reported that his IPS started firing up alerts and detecting MS13-056. Sean captured network traffic and, luckily, the GIF files were benign so these were false positive alerts (which can be annoying too – depending on the number).
We were wondering if anyone else is seeing a lot of such alerts? Any real attacks in the wild? Suspicious traffic? Let us know!
A Pennsylvania man has pleaded guilty to charges stemming from a scheme to hack into sensitive computer networks operated by the University of Massachusetts-Amherst and other sensitive organizations and then sell "magic passwords" providing backdoor access to others.
Andrew James Miller, 23, of Devon, Pennsylvania, pleaded guilty to one count of conspiracy and two counts of computer intrusion, a press release issued Tuesday by the Justice Department said. Court records show a plea agreement in the case was entered on July 15. He faces a maximum penalty of 20 years in prison at sentencing, which is scheduled for November 19.
According to an indictment filed in Massachusetts federal court in June 2012, Miller and other members of a hacking group called the Underground Intelligence Agency hacked into networks and installed backdoors that provided almost unfettered "root" access to anyone who possessed the "magic passwords." He then sold access to the magic passwords and advice on how intruders could avoid being detected. In some cases he also sold lists containing hundreds of usernames and passwords that provided root access. In addition to the University of Massachusetts, affected organizations included Massachusetts-based RNK Telecommunications and Crispin Porter and Bogusky, an advertising and digital agency in Colorado.
-- Bojan, INFIGO IS. (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Posted by InfoSec News on Aug 28: http://www.forbes.com/sites/gregorymcneal/2013/08/26/cybersecurity-and-privacy-specialists-in-short-supply/
Posted by InfoSec News on Aug 28: http://www.nytimes.com/2013/08/28/business/media/hacking-attack-is-suspected-on-times-web-site.html
Posted by InfoSec News on Aug 28: http://www.nextgov.com/cybersecurity/2013/08/twitter-breach-hits-cyber-education-director-who-ran-federal-e-gov-office/69470/
Posted by InfoSec News on Aug 28: http://www.wired.com/threatlevel/2013/08/hacker-super-computer-access/
Posted by InfoSec News on Aug 28: http://www.darkreading.com/vulnerability/getting-the-most-out-of-a-security-red-t/240160471