Hackin9
 
A rural Alabama town and a suburban area of Florida may be on the cutting edge of a historic shift away from traditional circuit-switched phone service, if AT&T wins approval to run trials in those areas.
 
As wearable computers begin to monitor our activity and health even more, they will essentially act as a sixth sense. What is the first wearable computer you will buy?
 

The US Secret Service is investigating a possible attack on the corporate network of Sears Holdings Corp. after high-profile hacks of Target, Neiman Marcus, and possibly other retailers have compromised tens of millions of credit cards, Bloomberg News reported.

"There have been rumors and reports throughout the retail industry of security incidents at various retailers and we are actively reviewing our systems to determine if we have been a victim of a breach," a Sears spokesman said in a statement, according to a report published Friday. "We have found no information based on our review of our systems to date indicating a breach."

Neither the Bloomberg report nor the statement from Sears said when the investigation began or provided other details. KrebsOnSecurity reporter Brian Krebs, who originally broke news of the Target breach, cautioned that there's reason to believe there may be no breach at Sears.


 
As vehicle computers and peripheral devices require greater data throughput, especially in light of autonomous driving features, Ethernet will find a new home inside your car.
 
If you want a wearable Internet of Things, the electronics have to be as small and as energy efficient as possible. That's why a new microcontroller by Freescale Semiconductor is notable.
 
Intel is expecting its next Atom tablet chip, code-named Cherry Trail, to be in devices by the end of this year, the company said this week.
 

Lloyd's of London Declines Infosec Cover For Energy Companies
Infosecurity Magazine
The BBC reported yesterday that energy companies "are being refused insurance cover for cyber-attacks because their defenses are perceived as weak." Before cover is offered, applicants must undergo a security audit by the insurance companies, but "the ...

 
As bitcoin values jumped in the last months of 2013, malware designed to steal the virtual currency exploded, security researchers from Dell SecureWorks said this week.
 
A class-action lawsuit has been filed against the Mt. Gox Bitcoin exchange and its owner Mark Karpeles, seeking damages in the hundreds of millions of dollars and the return of bitcoins to users whose accounts were frozen on the site.
 
Python logilab-common Package Insecure File Creation Vulnerability
 
A new variant of the Gameover malware that steals online banking credentials comes with a kernel-level rootkit that makes it significantly harder to remove, according to security researchers from Sophos.
 
Over the past few weeks we've been snowbound several times, which also included a school vacation week. With my kids asking me for the one-millionth time "What can we do, Dad?", fortunately I had two technology-related items for the column to test out, and they would also appeal to the youngsters as well as adults.
 

Security researchers have designed a stealthy eavesdropping attack that sounds like it's straight out of a James Bond movie. It starts with a booby-trapped document that compromises an unpatched laser printer, which in turn converts a popular Internet phone into a covert bugging device.

The proof-of-concept attack exploits currently unpatched vulnerabilities in the Avaya one-X 9608, a popular model of phone that uses the Internet rather than a standard phone line to make and receive calls. Researcher Ang Cui, a Ph.D. candidate at Columbia University and chief scientist at Red Balloon Security, declined to provide many details on the vulnerabilities until users have had time to install a patch that Avaya is expected to release soon. He did say the weaknesses allow devices on the same local network to remotely execute code that causes the device to surreptitiously record all sounds within earshot and transmit them to a server controlled by attackers. He demonstrated a similar bugging vulnerability last year in competing Internet phones designed by Cisco Systems, which has since patched the underlying bugs.

Cui, who is scheduled to present his research Friday at the RSA security conference in San Francisco, said the attack underscores the growing susceptibility of phones, routers, and other embedded devices to the types of malware attacks that once threatened only computers. He and Salvatore Stolfo, who is a Columbia University professor of computer science and a Red Balloon director, have devised software dubbed Symbiote, which runs on Internet phones and other embedded devices and alerts users whenever changes are made to the firmware. Symbiote is part of a larger defense the pair has developed called AESOP, short for the Advanced Embedded Sec Ops.


 
SolidWorks Workgroup PDM Memory Corruption Vulnerability
 
IcedTea-Web LiveConnect Implementation Insecure Temporary File Creation Vulnerability
 

No, we haven't broken out the beer or decided to start the weekend early. This ISC diary isn't about party time, but rather about the "Fiesta Exploit Kit". We have recently been seeing an uptick in its use on compromised web sites.

Fiesta has been around in one form or another since 2012, when it branched off the "NeoSploit" kit, and is regularly being retrofitted with new exploits to stay effective. The first stage is usually just a redirect, to the actual exploit site from where a heavily encoded/obfuscated JavaScript file gets downloaded. This JavaScript file checks the locally installed software, and then triggers or downloads the matching exploit(s).

The currently most prevalent version of Fiesta seems to use the same five exploits / vulnerabilities since about November last year:

  • CVE-2010-0188 Adobe Reader TIFF vulnerability. The code checks for Adobe Reader versions >= 800 < 821 and >= 900 < 931, and only triggers if a matching (ancient) Adobe version is installed.
  • CVE-2013-0074 Microsoft Silverlight (MS13-022, March 2013). The code checks for Silverlight versions >= 4050401 and < 5120125, and triggers the exploit if applicable. Silverlight 5.1.201.25.0 is the version after patch MS13-022 has been applied.
  • CVE-2013-2465 Oracle Java. Of course - there had to be a Java sploit in the mix. The code checks for Java > 630 < 722
  • CVE-2013-0634 Adobe Flash Player. The code checks for Flash Player >= 110000 <= 115502.
  • CVE-2013-2551 Microsoft Internet Explorer (MS13-037, May 2013). The code in this case just checks for IE Versions 6 to 10, and if found, tries the exploit.

A system with reasonably up-to-date patches should have nothing to fear from the above. The fact that Fiesta has not widely re-tooled to newer exploits suggests, though, that the above set of vulnerabilities is still netting the bad guys plenty of newly exploited bots.

The existing Snort EmergingThreats signatures for Fiesta are doing a reasonable job at spotting the attack. As for the Snort standard (VRT) ruleset, rule SID 29443 seems to work well right now. It was added in January to match on the URL format "/^\/[a-z0-9]+\/\?[0-9a-f]{60,66}[\x3b\x2c\d]*$/U" used by the kit, and is still triggering frequently on the current Fiesta wave.

One further characteristic of the current Fiesta is its heavy use of dynamic DNS. Seen this week so far were *.no-ip.info, *.no-ip.org, *.myvnc.com, *.no-ip.biz, *.myftp.com, *.hopto.org and *.serveblog.net. These are DynDNS providers, so obviously not all sites hosted there are malicious. But Fiesta is making extensive use of these services to rapidly shuffle its exploit delivery hosts. The host names used are random character sequences of 10 or 6 chars, current example "ofuuttfmhz.hopto.org". The corresponding sites are sometimes active for less than an hour before the DNS name used in the sploits changes again.

What seems to be reasonably static are the IP addresses - 209.239.113.39 and 64.202.116.124 have both been used for the past two weeks, and the latter hoster seems to be particularly "popular", because the adjacent addresses (64.202.116.122, 64.202.116.125) were in use by Fiesta in late January. Also quite common are landing pages hosted on *.in.ua (Ukraine) domains, like ujimmy.in.ua, aloduq.in.ua, etc. These domains should be infrequent enough in (western) web proxy logs to make them easier to spot.

If you have any other current Fiesta intel (not involving cerveza :), let us know via the contact page or comments below!
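The diary's three detection handles (the SID 29443 URL pattern, the dynamic DNS zones with random-looking host labels, the *.in.ua landing pages and the two static IP addresses) can be checked offline against proxy logs. The script below is an added example written for this page, not ISC's or Snort's own code: it translates the quoted Snort PCRE into a Python regex applied to path plus query string (an approximation of Snort's normalised-URI match), and assumes the "random character sequences" are lowercase letters as in the diary's example. The log format and the client addresses are constructed; destination addresses other than those named in the diary come from RFC 5737 documentation ranges.

```python
import re
from urllib.parse import urlsplit

# Python translation of the Snort VRT SID 29443 URI pattern quoted in the diary:
# /^\/[a-z0-9]+\/\?[0-9a-f]{60,66}[\x3b\x2c\d]*$/U  (\x3b is ';', \x2c is ',').
# Snort's U modifier matches the normalised request URI; here it is applied to
# the path plus the query string.
FIESTA_URI_RE = re.compile(r"^/[a-z0-9]+/\?[0-9a-f]{60,66}[;,\d]*$")

# Dynamic DNS zones the diary reports Fiesta shuffling its delivery hosts through.
DYNDNS_ZONES = ("no-ip.info", "no-ip.org", "myvnc.com", "no-ip.biz",
                "myftp.com", "hopto.org", "serveblog.net")

# Hosting addresses the diary lists as static across the current wave.
FIESTA_IPS = {"209.239.113.39", "64.202.116.124",
              "64.202.116.122", "64.202.116.125"}

# Assumption: the "random character sequences of 10 or 6 chars" are lowercase
# letters, as in the diary's example ofuuttfmhz.hopto.org.
RANDOM_LABEL_RE = re.compile(r"^(?:[a-z]{6}|[a-z]{10})$")

# Constructed proxy log excerpt: epoch, client, method, URL, destination IP.
# The first URL carries exactly 60 hex characters followed by ";1,2,3".
SAMPLE_LOG = """\
1393598401.123 10.0.0.21 GET http://ofuuttfmhz.hopto.org/xk3m/?0123456789abcdef0123456789abcdef0123456789abcdef0123456789ab;1,2,3 209.239.113.39
1393598402.456 10.0.0.22 GET http://www.example.com/index.html 203.0.113.10
1393598403.789 10.0.0.23 GET http://ujimmy.in.ua/ 64.202.116.124
1393598404.012 10.0.0.24 GET http://myhomebox.no-ip.org/cam.jpg 198.51.100.7
"""


def classify_request(url, dst_ip=None):
    """Return the list of Fiesta indicators a request matches (empty if none).

    Indicators are ordered from strongest (the rule's URI format) to weakest
    (any host on a dynamic DNS zone, which the diary notes is not malicious
    per se), so a consumer can weight them accordingly.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path_query = parts.path + ("?" + parts.query if parts.query else "")
    reasons = []

    if FIESTA_URI_RE.match(path_query):
        reasons.append("uri-matches-sid29443")

    for zone in DYNDNS_ZONES:
        if host.endswith("." + zone):
            label = host[: -len(zone) - 1]
            if RANDOM_LABEL_RE.match(label):
                reasons.append("random-label-on-dyndns")
            else:
                reasons.append("dyndns-host")  # low confidence on its own
            break

    if host.endswith(".in.ua"):
        reasons.append("in.ua-landing-page")

    if dst_ip in FIESTA_IPS:
        reasons.append("known-fiesta-ip")

    return reasons


def scan_log(text):
    """Parse the whitespace-separated log and return (client, url, reasons) hits."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed lines rather than crash on them
        _ts, client, _method, url, dst_ip = fields[:5]
        reasons = classify_request(url, dst_ip)
        if reasons:
            hits.append((client, url, reasons))
    return hits


if __name__ == "__main__":
    for client, url, reasons in scan_log(SAMPLE_LOG):
        print(client, url, ", ".join(reasons))
```

Against the constructed log the first line trips all three strong indicators, the *.in.ua request is caught by its domain and the static hosting address, and the home camera on no-ip.org is reported only as a low-confidence dynamic DNS host. Treat "dyndns-host" alone as context rather than an alert, exactly as the diary cautions.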

 

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Cisco Unified Contact Center Express CVE-2014-0746 Information Disclosure Vulnerability
 
Whether you're talking about your network, your company's building or your home, a perimeter approach to security is no longer adequate. As McAfee discussed at this week's RSA Conference, you can't provide physical or electronic security simply by trying to prevent unauthorized access -- you have to rethink all types of security to protect data and lives.
 
This week's posting of specifications for the secure Boeing Black smartphone brought out references to the old Mission Impossible television show and other fictional spy heroes.
 
Cisco Unified Contact Center Express CVE-2014-0745 Cross Site Request Forgery Vulnerability
 
InterWorx Web Control Panel Cross Site Scripting Vulnerability
 
A mobile application designed to make it easier for RSA Conference 2014 attendees to navigate the event and interact with their peers exposes personal information, according to researchers from security firm IOActive.
 
The German Federal Patent Court invalidated a Microsoft mapping patent because it lacked an inventive step, a court spokeswoman said Friday. The company had alleged that Motorola Mobility and Google infringed the patent in the Google Maps app.
 

Cyber Defense Magazine Announces Infosec Awards Winners for #RSAC 2014
PR Urgent (press release)
Cyber Defense Magazine, the industry's leading electronic information security magazine and a media partner of the RSA® Conference 2014, has named winners in numerous categories for their innovations in the field of information security. While most of ...
AFORE Selected by Cyber Defense Magazine 2014 Awards as Hot Company ...IT Business Net

 

Terremark's Rafeeq Rehman on Infosec Lessons Learned from Data Breaches
ExecutiveBiz (blog)
TerremarkLogo Rafeeq Rehman, senior security solutions architect at Verizon Terremark, has urged enterprises to heed the lessons learned from the massive data breaches that have been happening not only in the U.S. but also to other retailers elsewhere.

 
Citing the need to prod software vendors to patch vulnerabilities even faster, Hewlett-Packard's bug bounty program said it was shortening its patch-or-go-public policy to 120 days.
 
Pivotal Grails 'grails-resources' Plugin Information Disclosure Vulnerability
 
Microsoft has a new version of SkyDrive Pro's iOS app that has the cloud storage product's new identity -- OneDrive for Business -- and broadens its scope of users.
 
Embattled Bitcoin exchange Mt. Gox is filing for bankruptcy protection with liabilities of $63.6 million. "I am deeply sorry," CEO Mark Karpeles said. "There were weaknesses in the system."
 
China is bolstering its efforts on cybersecurity with a new high-level committee that aims to turn the nation into an "Internet power," the country's official state media said Thursday.
 
Salesforce.com's rapid growth is now being fueled increasingly by large deals for its cloud software, according to CEO Marc Benioff.
 

Posted by InfoSec News on Feb 28

http://www.infosecnews.org/so-who-hacked-ec-council-three-times-this-week/

By William Knowles
Senior Editor
InfoSec News
February 28, 2013

On February 22nd 2014 the EC-Council website was broken into and defaced by
Eugene Belford (a.k.a. The Plague). For those of you living in a cave, or a
compound outside of Abbottabad for the last 13 years, The EC-Council is an
Albuquerque New Mexico based organization that offers security professionals a...
 
The Mannheim Regional Court has dismissed a lawsuit in which German patent licensing firm IPCom demanded $2.1 billion in damages from Apple for infringing a 3G patent, a court spokesman said Friday.
 
An appeals court in California ruled that it is legal for a person to hold his phone to look at a map application while driving, though he is prohibited from "listening and talking" on the phone unless it is used in a hands-free mode.
 
 
Aon's global CIO, Steve Betts, who led the integration of IT operations following Aon's $4.9 billion acquisition of Hewitt Associates, is using social media tools to help employees connect around key issues.
 
If you regularly need to store documents in the cloud, a desktop scanner could help. We look at three new devices from Brother, Neat Company and DCT that approach the task in different ways.
 
LibTIFF CVE-2013-4243 Heap Buffer Overflow Vulnerability
 
SEC Consult SA-20140228-1 :: Authentication bypass (SSRF) and local file disclosure in Plex Media Server
 
SEC Consult SA-20140228-0 :: Privilege escalation vulnerability in MICROSENS Profi Line Modular Industrial Switch
 
[slackware-security] subversion (SSA:2014-058-01)
 
Gold Mp4 Player Buffer Overflow Vulnerability
 
Embattled Bitcoin exchange Mt. Gox is filing for bankruptcy protection with liabilities of ¥6.5 billion (US$63.6 million), according to Japanese media reports.
 

Posted by InfoSec News on Feb 28

http://www.theregister.co.uk/2014/02/28/governmentbuilt_malware_running_out_of_control_fsecure_tells_trustycon/

By Iain Thomson
The Register
28 Feb 2014

TrustyCon - A surprising number of governments are now deploying their own
custom malware -- and the end result could be chaos for the rest of us,
F-Secure's malware chief Mikko Hyppönen told the TrustyCon conference in
San Francisco on Thursday.

"Governments writing viruses:...
 

Posted by InfoSec News on Feb 28

http://valleywag.gawker.com/how-a-hacker-intercepted-fbi-and-secret-service-calls-w-1531334747/

By Nitasha Tiku
ValleyWag
February 27, 2014

Earlier this week, Bryan Seely, a network engineer and one-time Marine,
played me recordings of two phone calls (embedded below.) The calls were
placed by unwitting citizens to the FBI office in San Francisco and to the
Secret Service in Washington, D.C. Neither the callers nor the FBI or
Secret Service...
 

Posted by InfoSec News on Feb 28

http://news.techworld.com/security/3504470/china-ramps-up-cybersecurity-efforts-strives-to-become-internet-power/

By Michael Kan
Techworld
28 February 2014

China is bolstering its efforts on cybersecurity with a new high-level
committee that aims to turn the nation into an "Internet power," the
country's official state media said Thursday.

Chinese President Xi Jinping is leading the new government body, which
held its first...
 

Posted by InfoSec News on Feb 28

http://losangeles.cbslocal.com/2014/02/26/confidential-patient-records-from-local-dentists-office-found-dumped-in-apple-valley/

By David Goldstein
CBSLA.com
February 26, 2014

APPLE VALLEY (CBSLA.com) -- Hundreds of confidential patient records from
a local dentist's office were found dumped in Apple Valley.

CBS2's David Goldstein reported that the referral forms from 1-800-DENTIST
to Dr. Samuel Kim, who specializes in laser and...
 

Posted by InfoSec News on Feb 28

http://www.computerworld.com/s/article/9246650/UK_man_charged_with_hacking_Federal_Reserve

By Grant Gross
IDG News Service
February 27, 2014

A British man faces new charges in the U.S. for allegedly hacking into the
Federal Reserve Bank's servers and stealing names, email addresses and
other personal information of the bank's computer users.

Lauri Love, already facing charges in New Jersey and Virginia, is charged
with one count...
 