Moodle CVE-2016-7919 Information Disclosure Vulnerability
Wordpress contus-video-comments Plugin 'save.php' Arbitrary File Upload Vulnerability
Novell NetIQ Identity Manager CVE-2015-0787 HTML Injection Vulnerability


Authorities said they arrested an 18-year-old iPhone app developer on charges of felony computer tampering after he unleashed code that threatened to take down emergency 911 systems in a large swath of Arizona and possibly other states.

Meetkumar Hiteshbhai Desai stands accused of publishing Web links that caused iPhones to repeatedly dial 911, according to a release published Thursday by Arizona's Maricopa County Sheriff's Office. On Tuesday night, officials alleged, the 911 system operated by the Surprise, Arizona, police department received more than 100 hang-up calls in a matter of minutes. The volume allegedly put authorities "in immediate danger of losing service to their switches." The emergency systems for the nearby Peoria Police Department and the Maricopa County Sheriff's Office also received a large number of repeated calls. Agencies in California and Texas were also affected, authorities said.

(credit: @meetheindiankid)

The release said the 911-dialing code was hosted on a site with the name "Meet Desai." A link posted on the TheHackSpot YouTube channel and one or more Twitter accounts then encouraged people to click on the link. Authorities said they found evidence it had been clicked 1,849 times. In an e-mail, the operator of the YouTube channel said: "The link does not contain anything harmful, and I am not associated with any type of personal hacking. Just a fun prank that many other big YouTube channels covered as well."


SAP Hybris Management Console CVE-2016-6857 HTML Injection Vulnerability
HP System Management Homepage Multiple Security Vulnerabilities
QEMU 'hw/9pfs/9p.c' Denial of Service Vulnerability

Google Brain has created two artificial intelligences that evolved their own cryptographic algorithm to protect their messages from a third AI, which was trying to evolve its own method to crack the AI-generated crypto. The study was a success: the first two AIs learnt how to communicate securely from scratch.

The Google Brain team (which is based in Mountain View and is separate from DeepMind in London) started with three fairly vanilla neural networks called Alice, Bob, and Eve. Each neural network was given a very specific goal: Alice had to send a secure message to Bob; Bob had to try to decrypt the message; and Eve had to try to eavesdrop on the message and decrypt it. Alice and Bob have one advantage over Eve: they start with a shared secret key (i.e. this is symmetric encryption).

Importantly, the AIs were not told how to encrypt stuff, or what crypto techniques to use: they were just given a loss function (a failure condition), and then they got on with it. In Eve's case, the loss function was very simple: the distance, measured in correct and incorrect bits, between Alice's original input plaintext and Eve's guess. For Alice and Bob the loss function was a bit more complex: if Bob's guess (again measured in bits) was too far from the original input plaintext, it was a loss; for Alice, if Eve's guesses are better than random guessing, it's a loss. And thus a generative adversarial network (GAN) was created.
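As an added illustration (not code from the article or from the Google Brain paper), the three loss functions described above computed over plaintexts and guesses given as bit vectors; the exact shape of the penalty applied when Eve does better than chance is an assumption, and the sample bit strings are constructed:

```python
# Added example (not from the article or the paper): the three loss functions
# as described, over plaintexts and guesses given as equal-length bit vectors.
from typing import Sequence

Bits = Sequence[int]

def bit_distance(a: Bits, b: Bits) -> int:
    """Number of bit positions where a and b disagree (Hamming distance)."""
    if len(a) != len(b):
        raise ValueError("bit vectors must have equal length")
    return sum(x != y for x, y in zip(a, b))

def eve_loss(plaintext: Bits, eve_guess: Bits) -> float:
    """Eve's loss: bits of Alice's plaintext her reconstruction gets wrong."""
    return float(bit_distance(plaintext, eve_guess))

def bob_loss(plaintext: Bits, bob_guess: Bits) -> float:
    """Bob's loss: bits his decryption gets wrong."""
    return float(bit_distance(plaintext, bob_guess))

def alice_bob_loss(plaintext: Bits, bob_guess: Bits, eve_guess: Bits) -> float:
    """Joint loss for Alice and Bob: Bob's error plus a penalty that is zero
    only when Eve sits at the random-guessing level of N/2 wrong bits.
    Assumed penalty shape: squared distance from N/2, scaled into [0, 1].
    An Eve who is wrong on nearly every bit is penalised as well, because a
    reliably wrong eavesdropper leaks the plaintext as surely as a right one."""
    chance = len(plaintext) / 2
    penalty = (chance - eve_loss(plaintext, eve_guess)) ** 2 / chance ** 2
    return bob_loss(plaintext, bob_guess) + penalty

# Constructed 8-bit sample with a perfect Bob; Eve ranges from perfect guesses
# through chance level (4 of 8 wrong) to every bit wrong.
PLAINTEXT = [1, 0, 1, 1, 0, 0, 1, 0]
EVE_CHANCE = [1, 0, 1, 1, 1, 1, 0, 1]
EVE_INVERTED = [1 - b for b in PLAINTEXT]

def scenario_losses() -> dict:
    """Alice/Bob loss for the three Eve outcomes; only chance level scores 0."""
    return {
        "eve_perfect": alice_bob_loss(PLAINTEXT, PLAINTEXT, PLAINTEXT),
        "eve_chance": alice_bob_loss(PLAINTEXT, PLAINTEXT, EVE_CHANCE),
        "eve_inverted": alice_bob_loss(PLAINTEXT, PLAINTEXT, EVE_INVERTED),
    }
```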



Earlier this week, enSilo released a blog post describing a new code injection attack via Windows Atom Tables [1]. The attack is pretty ingenious and could be used to inject malicious code into running processes or read data from running processes.

Overall, the problem of code injection isn't new, and there are different methods to accomplish it. Code injection in its simple form doesn't lead to privilege escalation, nor does it expose your system to new exploits. However, it is a technique that an attacker may use to hide code that is executed as a result of an exploit. Most security tools will whitelist software that you commonly run. Some will even check whether the software is modified after it is executed.

Atom tables are a Windows feature meant to allow software to store data, and in some cases to share data with other applications. A user has read/write access to all atom table data created by processes that the user initiated. The result is that malware that the user runs may retrieve data stored in atom tables by other software, or it may modify that data to execute malicious code.

Overall, no fix is expected for this problem. This isn't even a security vulnerability in its current form. Users can always run code, and code a user runs typically does have some access to other processes run by the same user (sometimes limited by sandboxing).

So what does this all mean for you? Not much. It was always bad to run malware, and this is yet another way malware can hide on your system. There is nothing you have to change in the way you do things because of this issue. Future versions of anti-malware may be able to intercept the relevant API calls to inspect any read/write access to these atom tables.
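As an added example (not part of the diary or of enSilo's write-up), a PowerShell script that shows the shared nature of the global atom table described above: a marker atom added by one process is found by name from a second process running as the same user, and the table is then enumerated the way an inspection tool would list its contents. It assumes Windows PowerShell 5.1 or later on Windows and uses only the documented kernel32 atom functions; the marker string is constructed.

```powershell
# Added example, not part of the ISC diary: a global atom added by one process is
# read back by a second process of the same user, then the global atom table is
# listed so an analyst can see what is currently stored in it.
Add-Type -Namespace Win32 -Name Atoms -MemberDefinition @'
[DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern ushort GlobalAddAtom(string lpString);
[DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern uint GlobalGetAtomName(ushort nAtom, System.Text.StringBuilder lpBuffer, int nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern ushort GlobalDeleteAtom(ushort nAtom);
'@

function Get-GlobalAtomTable {
    # String atoms live in 0xC000-0xFFFF; GlobalGetAtomName returns 0 for unused numbers.
    $buf = New-Object System.Text.StringBuilder 256
    for ($a = 0xC000; $a -le 0xFFFF; $a++) {
        $len = [Win32.Atoms]::GlobalGetAtomName([uint16]$a, $buf, $buf.Capacity)
        if ($len -gt 0) {
            [pscustomobject]@{ Atom = ('0x{0:X4}' -f $a); Value = $buf.ToString(0, $len) }
        }
    }
}

# Constructed marker string; the only thing special about it is that we know what to look for.
$marker = 'atom-demo-' + [guid]::NewGuid().ToString('N')
$atom = [Win32.Atoms]::GlobalAddAtom($marker)
if ($atom -eq 0) { throw 'GlobalAddAtom failed' }

# A second, independent process looks the marker up by name via GlobalFindAtom.
$childScript = @"
Add-Type -Namespace Win32 -Name Find -MemberDefinition '[DllImport("kernel32.dll", CharSet = CharSet.Unicode)] public static extern ushort GlobalFindAtom(string lpString);'
[Win32.Find]::GlobalFindAtom('$marker')
"@
$encoded = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($childScript))
$found = powershell.exe -NoProfile -NonInteractive -EncodedCommand $encoded

'Atom 0x{0:X4} added here; the child process resolved the same name to 0x{1:X4}' -f $atom, [int]($found | Select-Object -First 1)

# Enumerate the session's global atom table; the marker appears alongside atoms
# registered by other applications running in the same session.
$table = Get-GlobalAtomTable
$table | Format-Table -AutoSize
$table | Where-Object Value -eq $marker

# Remove the marker so the demo leaves nothing behind in the table.
[void][Win32.Atoms]::GlobalDeleteAtom($atom)
```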


Johannes B. Ullrich, Ph.D.

(c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.
PHP 'snmp.c' Remote Format String Vulnerability

A demonstration of SQL injection in action. (video link)

Thirty-one-year-old Lauri Love is currently staring down the possibility of 99 years in prison. After being extradited to the US recently, he stands accused of attacking systems belonging to the US government. The attack was allegedly part of the #OpLastResort hack in 2013, which targeted the US Army, the US Federal Reserve, the FBI, NASA, and the Missile Defense Agency in retaliation over the tragic suicide of Aaron Swartz as the hacktivist infamously awaited trial.

Love is accused of participating in the #OpLastResort initiative through SQL injection attacks, an increasingly common tactic. SQL injections have recently been detected against state electoral boards, and these attacks are regularly implicated in thefts of financial info. Today, they've become a significant and recurring problem.


PHP 'php_raw_url_encode()' Function Integer Overflow Vulnerability
PHP 'ext/phar/phar_object.c' Heap Buffer Overflow Vulnerability
PHP CVE-2016-4539 Remote Denial Of Service Vulnerability
Node.js CVE-2016-2216 HTTP Response Splitting Vulnerability
[SECURITY] [DSA 3701-2] nginx regression update
APPLE-SA-2016-10-27-3 iTunes 12.5.2 for Windows
[security bulletin] HPSBMU03653 rev.1 - HPE System Management Homepage (SMH), Remote Arbitrary Code Execution, Cross-Site Scripting (XSS), Denial of Service (DoS), Unauthorized Disclosure of Information
[security bulletin] HPSBHF3549 ThinkPwn UEFI BIOS SmmRuntime Escalation of Privilege
VMware Tools CVE-2016-5328 Local Information Disclosure Vulnerability
VMware Fusion CVE-2016-5329 Local Information Disclosure Vulnerability