Hackin9
Microsoft today shipped the first update for Office for iPad since its debut five weeks ago, adding printing to the three apps.
 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

We got an email from one of our readers, including an interesting port 53 packet. While Wireshark and TCPDump try to decode it as DNS, it is almost certainly not DNS. 

The payload of the packet is (I obfuscated the country the user is located in):

oracle:1c6F65E41DFC:www.kmplayer.com:192.168.1.2:[country of system]:SYSTEM:Windows XP:V139

The user does not have KMPlayer or Oracle installed in his network. This looks very much like some form of command and control traffic. At this point, we do not have any malware associated with it.

Here is how tcpdump decoded the packets (again, anonymized): 

$ tcpdump -r strange-udp.pcapng -nAt
reading from file strange-udp.pcapng, link-type EN10MB (Ethernet)
IP a.b.c.d.20510 > w.x.y.z.53: 28530 updateM+ [b2&3=0x6163] [14897a] [27749q] [25398n] [17974au][|domain]
oracle:1c6F65E41DFC:www.kmplayer.com:192.168.1.2:[country]:SYSTEM:Windows XP:V139.
IP a.b.c.d.11185 > w.x.y.z.53: 28530 updateM+ [b2&3=0x6163] [14896a] [27749q] [12337n] [17988au][|domain]
oracle:001FD0309751:www.kmplayer.com:192.168.1.102:doubleup-xp:SYSTEM:Windows XP:V139

The source was an RFC 1918 address in this case, and the target was close to the user's IP address, which is why both are anonymized here. I also removed the non-printable part of the payload to make it fit the screen.

I installed KMPlayer on a virtual system and didn't see any traffic like this. 
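As an added example (not part of the diary), the following Python decodes the payload the way tcpdump does, reproducing the numbers in the output above, and then applies a structural plausibility check that shows why the packet cannot be DNS: a real query needs at least five bytes per question and eleven per resource record, so a header claiming 27749 questions cannot belong to a datagram this short. The names given to the colon-separated fields (tag, 12-hex-character id, host, internal IP, location, user, OS, version) are my reading of the visible values; the diary does not name them and has no malware sample to confirm them.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# Constructed sample: the anonymized payload quoted in the diary, as the raw
# bytes of the UDP datagram that arrived on port 53.
SUSPECT_PAYLOAD = (b"oracle:1c6F65E41DFC:www.kmplayer.com:192.168.1.2:"
                   b"[country]:SYSTEM:Windows XP:V139")

# Constructed sample: a well-formed DNS query (A record for example.com) for comparison.
REAL_DNS_QUERY = (struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
                  + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1))

# Opcode names as tcpdump prints them (print-domain.c); "updateM" is opcode 12.
OPCODE_NAMES = ["query", "inv_q", "stat", "op3", "notify", "update", "op6", "op7",
                "op8", "updateA", "updateD", "updateDA", "updateM", "updateMA",
                "updateMD", "updateMDA"]

# Assumed meaning of the colon-separated fields; the diary does not name them.
BEACON_FIELDS = ("tag", "id_hex12", "host", "internal_ip", "location", "user", "os", "version")


@dataclass
class DnsHeader:
    txid: int
    flags: int
    qdcount: int
    ancount: int
    nscount: int
    arcount: int

    @property
    def opcode(self) -> int:
        return (self.flags >> 11) & 0xF

    def tcpdump_style(self) -> str:
        """Render the header roughly as tcpdump -n prints it."""
        rd = "+" if self.flags & 0x0100 else ""
        return (f"{self.txid} {OPCODE_NAMES[self.opcode]}{rd} [b2&3=0x{self.flags:04x}] "
                f"[{self.ancount}a] [{self.qdcount}q] [{self.nscount}n] [{self.arcount}au]")


def decode_header(payload: bytes) -> DnsHeader:
    """Read the first 12 bytes as a DNS header; this is all tcpdump manages before giving up."""
    if len(payload) < 12:
        raise ValueError("shorter than a DNS header")
    return DnsHeader(*struct.unpack("!HHHHHH", payload[:12]))


def _skip_name(payload: bytes, pos: int) -> Optional[int]:
    """Walk one wire-format name from pos; return the offset after it, or None if malformed."""
    while pos < len(payload):
        length = payload[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:              # compression pointer: 2 bytes, ends the name
            return pos + 2 if pos + 1 < len(payload) else None
        if length > 63:                        # 0x40-0xBF are not valid label lengths
            return None
        pos += 1 + length
    return None


def looks_like_dns(payload: bytes) -> bool:
    """Structural plausibility test for something that arrived on UDP/53."""
    try:
        hdr = decode_header(payload)
    except ValueError:
        return False
    if hdr.flags & 0x0040:                     # the Z bit must be zero (RFC 1035, 4.1.1)
        return False
    # A question is at least 5 bytes (root name + type + class); an RR is at least 11.
    floor = 12 + 5 * hdr.qdcount + 11 * (hdr.ancount + hdr.nscount + hdr.arcount)
    if floor > len(payload):
        return False
    pos = 12
    for _ in range(hdr.qdcount):               # every question name must parse cleanly
        pos = _skip_name(payload, pos)
        if pos is None or pos + 4 > len(payload):
            return False
        pos += 4
    return True


def parse_beacon(payload: bytes) -> dict:
    """Split the observed oracle:... layout into labelled fields (labels are assumed)."""
    # tcpdump -A shows non-printable trailing bytes as '.', so strip those and decode failures.
    text = payload.decode("ascii", errors="replace").rstrip(".\ufffd")
    parts = text.split(":")
    if parts[0] != "oracle" or len(parts) != len(BEACON_FIELDS):
        raise ValueError("payload does not match the observed layout")
    return dict(zip(BEACON_FIELDS, parts))


def triage(payload: bytes) -> str:
    """Classify a UDP/53 payload: 'dns', 'oracle-beacon' (the diary's pattern) or 'non-dns'."""
    if looks_like_dns(payload):
        return "dns"
    try:
        parse_beacon(payload)
        return "oracle-beacon"
    except ValueError:
        return "non-dns"


if __name__ == "__main__":
    print(decode_header(SUSPECT_PAYLOAD).tcpdump_style())
    print(triage(SUSPECT_PAYLOAD), parse_beacon(SUSPECT_PAYLOAD))
    print(triage(REAL_DNS_QUERY))
```

The header decode explains every number in the tcpdump lines: "or" is the transaction id 28530, "ac" is the flags word 0x6163 (opcode 12, which tcpdump names updateM, with RD set), and the four counts are the ASCII pairs that follow. The plausibility check is the part worth keeping around: run over a capture of port 53 traffic, it separates real queries from anything that merely happens to use the port.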

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

 

Update: A few hours after this article went live, Google engineer Adam Langley published a blog post taking issue with the GRC characterization that Chrome's CRLSet is "completely broken." In the post, Langley said he has always been clear that the measure isn't perfect, but in any event, it's more effective than the revocation checks on by default in other browsers. "And yet, GRC managed to write pages (including cartoons!) exposing the fact that it doesn't cover many revocations and attacking Chrome for it." In fairness to Google, a test performed after this article was published showed Chrome blacklisted the TLS certificate Ars revoked three weeks ago. The text of the article as it originally ran follows:

The ability of Google Chrome to block secure website connections compromised by the Heartbleed bug is "completely broken" because the browser by default detects less than three percent of the underlying digital certificates that have been revoked, according to a detailed analysis recently posted online.

The charge was leveled against CRLSet, a regularly updated list in Chrome that catalogs website encryption certificates that have been revoked recently. Last week, noted cryptography engineer and Google employee Adam Langley promoted CRLSet as an improvement over the Online Certificate Status Protocol (OCSP) turned on by default in most other browsers. Langley blasted OCSP as "useless" because he said it was trivial to bypass and threatened to harm the performance and stability of the overall Internet.


 
A survey of more than 1,000 C-level executives shows that IT organizations are losing control over new technology adoption at their companies but are still held accountable for integrating the technologies securely into their company's infrastructure.
 
Acer's dual-purpose Aspire Switch 10 can function as a Windows 8 tablet and laptop, but the shape-shifting product's uniqueness is in its magnetic keyboard base, an element not found on other hybrid devices.
 
Twitter on Tuesday turned in some healthy sales figures for the first quarter, though its net loss grew substantially compared to last year.
 
 
A researcher at Vanderbilt University has created a way to build nanowires just three atoms wide that could eventually lead to paper-thin, flexible tablets and smartphones.
 
Amazon.com launched a Wearable Technology online store on Tuesday, saying customers are increasingly interested in the devices.
 
NASA is reaching out to companies that want to use the International Space Station or low-Earth orbit for research or commercial space activities.
 
Although the U.S. still outpaces the world in spending on research and development, a shrinking federal investment could allow China to soon take the lead on spending.
 
Police shouldn't be able to search suspects' mobile phones at the time of arrest because of the huge amounts of private information now stored on those devices, lawyers for two criminal defendants argued before the U.S. Supreme Court on Tuesday.
 
Target has named veteran IT executive Bob DeRodes as its CIO and is tasking him with taking the $73 billion retailer in a new technology direction following the mammoth data breach that it disclosed late last year. The breach resulted in information being stolen from 70 million payment card users and prompted the resignation of CIO Beth Jacob.
 
Apple today refreshed its MacBook Air line-up, dropping prices by $100 on all four stock models.
 
Samsung deliberately copied several key iPhone features in an attempt to catch up in the phone market, Apple charged as it wrapped up a jury trial against Samsung in San Jose on Tuesday.
 
[security bulletin] HPSBMU03020 rev.2 - HP Version Control Agent (VCA) and Version Control Repository Manager (VCRM) running OpenSSL on Linux and Windows, Remote Disclosure of Information
 
Qemu 'vmxnet3.c' CVE-2013-4544 Denial of Service Vulnerability
 
QEMU IDE SMART Out of Bounds Local Privilege Escalation Vulnerability
 
Oracle has gotten cloud religion.
 
Sprint doubled down on high quality smartphone sound on Tuesday by introducing an exclusive version of the HTC One (M8) featuring HD Audio sound.
 
Acer is entering the wearable market with a fitness-tracking smartband for use with mobile devices.
 

Infosec 2014: UK data breaches slightly down but cost way up, report shows
ComputerWeekly.com
The number of UK data breaches and victims has gone down in the past year, but the cost of the most serious incidents has risen significantly, a government-sponsored report shows. The average cost of the worst breach for large organisations is £600,000 ...

 
Siemens released a security update to address the Heartbleed vulnerability in SIMATIC WinCC Open Architecture, a supervisory control and data acquisition (SCADA) system that's used in a large number of industries to operate processes, machines and production flows.
 
Cyberattacks threaten all of us. White House officials confirmed in March 2014 that federal agents told more than 3,000 U.S. companies that their IT deployments had been hacked, according to The Washington Post. Meanwhile, Bloomberg reports that the Securities and Exchange Commission (SEC) is looking into the constant threats of cyberattacks against stock exchanges, brokerages and other Wall Street firms.
 
What makes a great CEO? Why do many star at one company yet fail at another? Why do some lose the magic as the company expands? The answer, of course, is different situations require different types of CEOs. To help identify the multiple characteristics of executives in this leading role, here are eight 'CEO types' and when to cast each one.
 
Acer has given a fresh look to detachable hybrids with its magnetic Aspire Switch 10 tablet, which it showed off at an event Tuesday, where it also demonstrated what it says is the fastest Chromebook yet.
 
LinuxSecurity.com: The Unity lock screen could be bypassed.
 
LinuxSecurity.com: Updated python-keystoneclient packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 3.0. The Red Hat Security Response Team has rated this update as having [More...]
 
LinuxSecurity.com: Security Report Summary
 
LinuxSecurity.com: Updated kernel-rt packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise MRG 2.5. [More...]
 
LinuxSecurity.com: Security Report Summary
 
Linux Kernel CVE-2014-0181 Local Security Vulnerability
 
[ANN][SECURITY] ClassLoader manipulation issue confirmed for Struts 1 - CVE-2014-0114
 
CIO's Publisher Adam Dennison contends that great leadership and a thriving company culture ultimately support one another, and pays tribute to the legacy of IDG's late Chairman Patrick J. McGovern.
 
In-flight Wi-Fi provider Gogo's stock took a drubbing after AT&T yesterday announced plans for a new air-to-ground LTE service that will surely compete against Gogo, at least in the continental U.S.
 
Samsung is deploying Knox, its secure platform for mobile devices, to earn the trust of the IT departments that run BYOD programs.
 
SAP is making good on a promise to migrate its Ariba e-commerce software to the Hana in-memory computing platform, and says an initial step has already produced staggering performance improvements.
 
I'm very happy to be back in London for the second year in a row to attend BSides London. This year the conference has grown in size and has attracted a great list of talent. Speakers include the likes of Stephen Bonner, Graham Sutherland and Jon Butler.
 


Infosec 2014: Cyber safety will take joint effort, says top EU cyber cop
ComputerWeekly.com
Cyber safety can be achieved only through the joint efforts of all stakeholders, not just law enforcement, says Troels Oerting, head of Europol's European Cybercrime Centre (EC3). “We will win, a safe and secure internet will prevail, but it will be a ...
Cuffing darknet-dwelling cyberscum is tricky. We'll 'disrupt' crims instead ... (The Register)
Infosecurity Europe 2014: Security Can Be A Business Enabler (Infosecurity Magazine)
EC3: Darknet & cloud the barriers to prosecuting cyber-criminals (SC Magazine UK)

 
How can CDOs achieve success in working with their established C-level peers?
 
A survey that challenged IT managers to imagine the data center of 2025 offers up some optimistic, even surprising, findings.
 
Adobe Flash Player CVE-2014-0515 Buffer Overflow Vulnerability
 
Expanding on last year's device, Samsung's new Galaxy K zoom sports a more powerful 20.7 megapixel camera and comes with a special alarm to help users take timed selfies.
 
IBM's efforts to expand the use of its Power chips in hyperscale data centers just got a big shot in the arm from Google.
 
Nokia has named the head of its networks division, Rajeev Suri, as its new CEO from May 1. He will take over from company chairman Risto Siilasmaa, who has been serving as acting CEO.
 
Samsung Electronics posted a dip in its operating profit for the first quarter, falling by 3.3% year-over-year as the company faces growing competition in the smartphone market.
 
As Vic Gundotra leaves Google and his post heading up Google+, the company has named a new leader of its social networking business.
 
Google-owned Motorola Mobility has been found guilty of breaching EU competition law but escaped a fine from European Union regulators.
 
Advanced Micro Devices hopes its latest Mullins tablet processor will find acceptance after three failed predecessors and a handful of unsuccessful devices.
 
Google, according to industry analysts, is positioning itself to take on Amazon's dominance as a cloud provider. While it's lagging today, Google could catch Amazon and some day supplant its top position in the cloud.
 

Infosec 2014: Firms moving to cloud despite security fears, study shows
ComputerWeekly.com
Businesses are moving sensitive or confidential data into public cloud services, despite security fears, an independent global study has revealed. Almost a third of companies doing so expect a negative impact on security posture, according to the ...

 
Adobe Flash Player And AIR Type Confusion Remote Code Execution Vulnerability
 

Posted by InfoSec News on Apr 29

http://mashable.com/2014/04/28/homeland-security-internet-explorer/

By Christina Warren
mashable.com
4/28/2014

How scary is the latest Internet Explorer security vulnerability? Even the
U.S. government says not to use IE until the browser is fixed.

The flaw, which affects Internet Explorer versions 6 and up, allows bad
guys to gain complete access to a PC via a malicious website. Dubbed
"Operation Clandestine Fox" by the security...
 

Posted by InfoSec News on Apr 29

http://www.foreignpolicy.com/articles/2014/04/28/exclusive_meet_the_secret_fed_cyber_security_unit_keeping_trillions_of_dollars_s

By Shane Harris
Foreign Policy
April 28, 2014

If the U.S. central banking system is ever hit with a crippling cyber
attack, a group of roughly 100 government employees working in a
three-story fortress-like building next door to a Buick dealership in East
Rutherford, N.J., will be among the first to know about it....
 

Posted by InfoSec News on Apr 29

http://leadership.ng/news/368843/cyber-security-nigeria-needs-computer-emergency-response-team

By Nkechi Isaac
Leadership
April 29, 2014

Cybercrime is one of the fastest growing areas of crime. More and more
criminals are exploiting the speed, convenience and anonymity that modern
technologies offer in order to commit a diverse range of criminal
activities. These include attacks against computer data and systems,
identity theft, the...
 

Posted by InfoSec News on Apr 29

http://www.darkreading.com/vulnerabilities---threats/microsoft-warns-of-zero-day-vulnerability-in-internet-explorer/d/d-id/1234907

By Tim Wilson
Dark Reading
4/28/2014

Microsoft has discovered a zero-day vulnerability in most versions of
Internet Explorer that already has enabled some attackers to execute code
remotely on victim PCs, even without action by the end user. In a security
advisory issued over the weekend, Microsoft reported that...
 

Posted by InfoSec News on Apr 29

http://blogs.wsj.com/digits/2014/04/28/europe-begins-its-largest-ever-cyberwar-stress-test/

By Frances Robinson
The Wall Street Journal
April 28, 2014

In a sign of just how seriously Europe is taking the cyber threat, more
than 400 cyber security professionals from 29 countries and 200
organisations are today beginning a biannual cyber exercise coordinated by
the European Union Agency for Network and Information Security (ENISA).

It is not...
 