Hackin9

InfoSec News


Malware, Hacking Most Common Attacks in 2011 Data Breaches: Verizon DBIR
eWeek
The year was "exciting," with plenty of mini-breaches and mega-breaches to keep infosec professionals awake at night, Verizon wrote. There was a little bit of everything, with hacktivism, cyber-espionage and organized crime wreaking havoc on enterprise ...

 
Seagate Technology for the first time in two years reclaimed the throne as the leading hard disk drive supplier, usurping Western Digital's lead after the company suffered production shutdowns in the wake of Thailand floods last year.
 
A government research lab in Tennessee will deploy a new supercomputer later this year that could put the U.S. back in contention for the top spot on the list of the world's fastest supercomputers.
 
Moodle Multiple Security Vulnerabilities
 
Moodle Multiple Security Bypass Vulnerabilities
 
As rapidly as technology has evolved, so has the accounting that goes with it. But isolating the software and hardware revenue components connected with products like iPhones is prompting big public companies and growing private startups alike to seek out advanced ways to help them cope with issues that once would have been solved in an Excel spreadsheet --- or perhaps on the back of an envelope.
 
Two former NSA chiefs argued at RSA Conference 2012 for more "active defense" information sharing and a larger security role for U.S. Cyber Command.

 
Mobile device attacks will rank among the top threats enterprises face in the coming months, serving as a pivot point for bigger network intrusions.

 
Stunnel Unspecified Memory Corruption Vulnerability
 

SAN FRANCISCO - RSA Conference 2012 feels like a big ol’ group therapy session. Small circles of friends, larger circles of industry peers, huddled masses freeing themselves of a collective weight on their shoulders. No longer do they have to lie to themselves, their colleagues or bosses. “Hi, I’m Joe Security and I’m pwned!” They’ve come to grips with the fact that it’s OK to say security technologies suck, networks are compromised and attackers are winning.

OK, that last part has always been part of the dialogue. But the other two have only been whispered in the past. Now it’s being shouted at networking events and even from the big keynote pulpit here in San Francisco. Legacy investments in signature-based antivirus, intrusion detection and other detection technologies don’t serve the industry as well as they used to. Signature updates can’t keep up with the evolution of malware. And most attacks are too targeted or too stealthy, or both, to warrant signatures for the masses. It doesn’t work anymore and everyone’s free to say it without repercussion.

Granted, Art Coviello, RSA Security’s chief executive, has a vested interest in shouting it the loudest, but he made a good, encapsulating point during his keynote yesterday: “We have to stop being linear thinkers, blindly adding new controls on top of failed models. We need to recognize, once and for all, that perimeter-based defenses and signature-based technologies are past their freshness dates, and acknowledge that our networks will be penetrated. We should no longer be surprised by this.”

There’s a lot of whispering now about bringing big data concepts to security. Your resume had better soon include some business analytics experience if you wanna be tomorrow’s CISO. You’d also better figure out how to harness all that data your security gear spits out and learn how to baseline “normal” network behavior and address anomalies. And oh yeah, you better know how to talk to your executives about security.

Selling them your initiatives based on fear is so five years ago. You better learn your business, how it makes money, and how to deliver metrics that address not only bottom-line impact, but how the customer experience is affected, how internal processes need to reflect security and how you’re articulating security to the company to turn everyone into an advocate for you.

Journalists and analysts like tipping points and landmarks because it makes it easier for us to articulate our stories to readers. Most of the time those tipping points and landmarks are made up; not this time though. There’s a definite change in the air and some tangible direction for the industry. Let’s see how we did about this time next year.



 
The companies today agreed to collaborate on a new content protection technology for flash memory cards such as SD Cards and various other storage devices.
 
Gibbs discovered that his DSL service can start at a lower line speed than he signed up for and he's not happy
 
Advanced Micro Devices announced Wednesday it is buying low-power server vendor SeaMicro, a surprise move that puts AMD in the systems business and disrupts Intel by acquiring one of its close partners.
 
[SECURITY] [DSA 2422-1] file security update
 
[SECURITY] [DSA 2421-1] moodle security update
 

SANS Institute Wins the SC Magazine Award for Best Professional Training Program
Bradenton Herald
... The Internet Storm Center - an analysis and warning service for Internet users and organizations; the SANS Reading Room - over 1853 computer security white papers in 74 different categories; Webcasts - live webcasts covering timely Infosec topics; ...

 
Cisco has issued six security advisories today, including:


Cisco Cius Denial of Service Vulnerability
Cisco Unified Communications Manager Skinny Client Control Protocol Vulnerabilities
Multiple Vulnerabilities in Cisco Unity Connection
Multiple Vulnerabilities in Cisco Wireless LAN Controllers
Cisco TelePresence Video Communication Server Session Initiation Protocol Denial of Service Vulnerabilities
Cisco Small Business SRP 500 Series Multiple Vulnerabilities

Adverse conditions include DoS, directory traversal, command injection, unauthenticated upload, privilege escalation, and protocol manipulation. Test and update as appropriate.
Russ McRee @holisticinfosec
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Overview



Previously we featured the 404Project (https://isc.sans.edu/diary/ISC+Feature+of+the+Week+The+404Project/12415). As we mentioned, the main purpose of this project is to trend the web pages crawlers and automated bots are trying to access.



We've had a good number of submitters add this script to their error page and have been collecting data for a while now. We made a few summary reports to get started trending the information. The project has been moved to its own space but the old pages should still get you to https://isc.sans.edu/404project/.



Report Information



The summary reports can be viewed at https://isc.sans.edu/404project/reports.html. The page is generated once a day for the previous day's data. The tables have descriptions for each field so I will just list them and summarize here.



Daily Totals

Complete summary totals for the given date

Top 10 Submitted URLs

Note the percentage is based on the max a particular URL has been submitted, meaning that if the submissions that particular day have been the most ever, the graphic will be out at 100%.

Top 10 User Agents Submitting

User Agents with counts and unique submitters and URLs



API Information



We've also added a couple API interfaces if you'd like to view previous data.



https://isc.sans.edu/api/#daily404summary

Each day's totals. Accepts date and limit.



https://isc.sans.edu/api/#daily404detail

Each day's details. Accepts date and limit. (Look for more fields output in the future.)





Let us know in the section below if you have suggestions or feedback about these preliminary reports, or send us any questions or comments in the contact form at https://isc.sans.edu/contact.html



--

Adam Swanger, Web Developer (GWEB)

Internet Storm Center (http://isc.sans.edu)
 
Avaya is looking to take over the management of an enterprise's entire communications platform with a new offering the company announced today.
 
Former Packeteer CEO Craig Elliott has a cloud-based startup in stealth mode called Pertino Networks that is promising to "reinvent networking" by delivering "big IT capabilities in minutes with revolutionary simplicity, security and flexibility."
 
Google's top advertising executive, Susan Wojcicki, said on Wednesday that Google's biggest innovations over the next several years will be in personalized search results and ads.
 
It used to be the IT department's answer was always no when an employee asked to use a personal device for work. IT often felt the risk was far too great to the company's network security to allow this.
 
Microsoft today made good on its promise to open the doors to its Windows Store alongside the launch of the public Windows 8 preview.
 
Just a few months before Facebook launches its initial public offering, the social networking company Wednesday turned its attention to wooing the enterprise.
 
Transparency about the personal data that mobile applications collect may be at the top of the agenda as the U.S. Department of Commerce begins work on privacy codes of conduct for online businesses.
 
NTT DoCoMo, Japan's largest mobile operator, said Wednesday it had invested US$14 million in Eye-Fi, the maker of Wi-Fi-enabled memory cards.
 
A Texas man who sold supposed backup copies of Adobe Systems, Microsoft and Autodesk software through multiple websites has been sentenced to serve nearly five years in prison and ordered to pay more than $402,000 in restitution.
 
Quad-core processors and big screens are getting most of the attention at Mobile World Congress, but a feature that is getting more common on new smartphones is HD Voice.
 
Cisco Security Advisory: Cisco TelePresence Video Communication Server Session Initiation Protocol Denial of Service Vulnerabilities
 
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unity Connection
 
Talk of the impending debut of Apple's newest iPad, including the company's announcement yesterday of a March 7 launch event in San Francisco, has pushed tablet trade-in volumes to record levels, buy-back companies said today.
 
The OnLive Desktop is an app for your iPad that gives you a virtual Windows 7 desktop environment, as well as Office 2010 apps (Word, Excel, PowerPoint), Adobe Reader and other basic Windows apps (Calculator, Notepad, Wordpad, Paint, Sticky Notes).
 
Anyone can take Windows 8 for a spin now that Microsoft has launched the so-called "consumer preview" version of the software at an event in Barcelona on Wednesday.
 
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers
 
Cisco Security Advisory: Cisco Unified Communications Manager Skinny Client Control Protocol Vulnerabilities
 
Cisco Security Advisory: Cisco Cius Denial of Service Vulnerability
 
Based on submissions from users, and reports posted on Twitter, COX appears to experience a major outage affecting its data services. For VoIP customers, voice service appears to be affected as well.
------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

 

SANS Institute Wins the SC Magazine Award for Best Professional Training Program
MarketWatch (press release)
... The Internet Storm Center - an analysis and warning service for Internet users and organizations; the SANS Reading Room - over 1853 computer security white papers in 74 different categories; Webcasts - live webcasts covering timely Infosec topics; ...

 
Anyone who has endured the painful wait of a slow-loading application is familiar with the frustration and lost productivity that follows. That's the problem that motivated Riverbed and Akamai to join forces for a new SaaS acceleration offering, with the objective of resolving SaaS application performance issues that were previously untouchable.
 
Companies and organizations that have Brand pages on Facebook are not only getting a new look and new features, they're also going to be able to update their pages to use the new Timeline feature.
 
Poorly coded mobile applications and the inability to protect the back-end systems supporting them harm the integrity of the entire application ecosystem, said software security expert Jacob West at RSA Conference 2012.

 
[ MDVSA-2012:027 ] postgresql8.3
 
[ MDVSA-2012:026 ] postgresql
 
Multiple XSS in Dotclear
 
Security professionals cite a lack of control and visibility into mobile devices as a major issue. Devices must be locked out of some organizations.

 

SANS Institute Wins the SC Magazine Award for Best Professional Training Program
Sacramento Bee
... The Internet Storm Center - an analysis and warning service for Internet users and organizations; the SANS Reading Room - over 1853 computer security white papers in 74 different categories; Webcasts - live webcasts covering timely Infosec topics; ...

 
Windows on ARM-based reference design touchscreen tablets made an appearance on stage at Microsoft's Windows 8 Consumer Preview event at Mobile World Congress.
 
Microsoft launched the Windows 8 Consumer Preview today at 9:30 a.m. ET, opening the gates to users who want to try the desktop edition of the company's upcoming upgrade.
 
A decade ago, investors funded projects. Today, venture capital funds scaling up already successful companies. This shift isn't just because VCs have become more rational in their investments. Plenty of startups just don't go looking for cash. The main reason startups can postpone or turn down VC money is cloud computing and SaaS.
 
On June 2nd, 2011, the antisec hacker group known as LulzSec launched a web site. Although they had been an active hacking group for several weeks, the creation of Lulzsecurity.com was their first official web presence other than the Twitter account they had been using.
 
As BYOD moves out of basic email access, IT seeks control over apps and data on users' devices. What can IT actually get?
 
Qualcomm has released a version of its development kit for augmented reality apps, which from now on will be marketed under the Vuforia brand name.
 
When Windows 8's beta version becomes available for download on Wednesday, Microsoft expects many enterprises to jump at the chance to give the new operating system a test drive, but some industry analysts doubt that there will be much interest among corporate IT officials.
 
IBM Personal Communications '.ws' File 'pcspref.dll' Remote Stack Buffer Overflow Vulnerability
 
ASUS Net4Switch 'ipswcom.dll' ActiveX Remote Buffer Overflow Vulnerability
 
Microsoft's Azure cloud infrastructure and development service experienced a serious outage on Wednesday, with the system's service management component going down worldwide starting at 1:45 a.m. GMT.
 
VMware's Spring Hadoop offers link between Spring development framework and Hadoop distributed processing platform
 
Toshiba will start shipping its Excite LE tablet next week, which the company claims will be the thinnest tablet yet.
 
Apple's lawyers defended the company's claims to the iPad trademark in China on Wednesday during a high-stakes court hearing that could decide whether Chinese authorities ban the tablet for trademark infringement.
 
Linux Kernel PTE Pages OOM Score Denial of Service Vulnerability
 

SANS Institute Wins the SC Magazine Award for Best Professional Training Program
Virtual-Strategy Magazine
... The Internet Storm Center - an analysis and warning service for Internet users and organizations; the SANS Reading Room - over 1853 computer security white papers in 74 different categories; Webcasts - live webcasts covering timely Infosec topics; ...

 
The potential of Windows 8 on ARM has excited tablet and laptop users globally but none more than the U.K. firm that provides the reference design for processors used in most smartphones and in iOS and Android tablets.
 
There's always a reason why things break in IT, and the powers-that-be can usually find someone to blame -- be it a data center operations staff member, an OEM, a systems integrator or a third-party service provider.
 
IT security executives must secure what they cannot directly control to properly protect enterprise data in the coming years.
 
Nokia pitched its Windows Phones as the best bet for operators and app developers, and to prove it, announced partnerships for new apps with brands including Michelin Travel, Red Bull, Kraft Foods and others.
 
LightSquared Chairman and CEO Sanjiv Ahuja has resigned his CEO post, in the latest change to rock the company that still says it wants to build a 4G network using frequencies next to the GPS spectrum band.
 
The number of malware threats that receive instructions from attackers through DNS is expected to increase, and most companies are not currently scanning for such activity on their networks, security experts said at the RSA Conference 2012 on Tuesday.
 
Hewlett-Packard has cut 275 jobs in its webOS group, as part of its strategy to turn the operating system over to the open-source community, a source said Tuesday.
 

Mimecast gains channel momentum
Channel EMEA
Mimecast, a supplier of cloud-based email archiving, continuity and security for Microsoft Exchange and Office 365, has announced a number of new channel partnerships including Infosec Technologies, Security Partnerships and Lima Networks.

 
Linux Kernel 'apparmor_setprocattr()' Local Denial of Service Vulnerability
 

Posted by InfoSec News on Feb 29

http://gcn.com/articles/2012/02/28/rsa-2-mobile-devices-left-in-hotels.aspx

By William Jackson
GCN.com
Feb 28, 2012

SAN FRANCISCO -- A survey done in advance of this week’s RSA Conference
found that more than 2,300 mobile devices, including cell phones,
tablets and laptops, have been separated from their owners at 20
downtown hotels.

The devices were left behind in hotel guest rooms, bars and lobbies in
the Union Square and Financial...
 

Posted by InfoSec News on Feb 29

Amsterdam, The Netherlands, 23 February 2012 -- What first began as a
small gathering for computer security enthusiasts in 2002, Hack In The
Box Security Conference (HITBSecConf) has since grown into a must attend
event in the calendar of security professionals from around the world.
In May this year, HITBSecConf will again return to Amsterdam for the
European leg of its conference where it will unleash Bank0verflow - the
latest evolution...
 

Posted by InfoSec News on Feb 29

http://www.darkreading.com/database-security/167901020/security/attacks-breaches/232601717/new-verizon-breach-data-shows-outside-threat-dominated-2011.html

By Kelly Jackson Higgins
Dark Reading
Feb 28, 2012

RSA CONFERENCE 2012 -- San Francisco, Calif. -- More than 85 percent of
the data breach incident response cases investigated by Verizon Business
last year originated from a hack, and more than 90 percent of them came
from the outside...
 

Posted by InfoSec News on Feb 29

http://www.nextgov.com/nextgov/ng_20120228_2060.php

By Josh Smith
National Journal
02/28/2012

Government officials have warned that cyberattacks are rapidly becoming
one of the greatest threats to the United States and its allies, but a
new report says the North Atlantic Treaty Organization is still playing
catch up.

"NATO's central missions of collective defense and cooperative security
must be as effective in cyberspace as they...
 

Posted by InfoSec News on Feb 29

http://www.csoonline.com/article/701040/how-to-sneak-into-a-security-conference

By Joan Goodchild
Senior Editor
CSO
February 28, 2012

When I checked in at the RSA 2012 conference, I was directed to wear my
badge at all times.

"You won't be able to go anywhere without it," a registration official
informed me.

But this does not seem to be an obstacle for my anonymous source, whom I
met on the first day of the conference. A...
 