Hackin9
[security bulletin] HPSBHF03419 rev.3 - HPE Networking Products, Remote Denial of Service (DoS), Unauthorized Access
 

Engadget

Why the war on VPNs is one Netflix can't win
Engadget
Bad Password is a weekly hacking and security column examining infosec and our ever-eroding "privacy." Why the war on VPNs is one Netflix can ...

 

Morphisec plans to bring back endpoint security – with a twist
TechTarget (blog)
This blog covers topics across the spectrum of security, privacy and compliance, as well as the people and issues driving enterprise infosec today.

 
When a long-awaited quantum information network finally arrives, in whatever form, it will incorporate two essential technologies: a method of generating and manipulating quantum bits* (qubits) and a method of moving those qubits from ...
 

Posted by InfoSec News on Jan 29

http://www.theregister.co.uk/2016/01/28/blackenergy_tv_station_attack/

By John Leyden
The Register
28 Jan 2016

A new BlackEnergy spear-phishing campaign is targeting more Ukrainian
firms, including a television channel.

A spear-phishing document found by Kaspersky Lab analysts mentions the
far-right Ukrainian nationalist political party "Right Sector" and appears
to have been used in an attack against a popular television channel...
 

Posted by InfoSec News on Jan 29

http://www.theguardian.com/uk-news/2016/jan/28/fraternal-order-of-police-hacked-fbi-investigation-data-servers

By Jon Swaine and George Joseph in New York
The Guardian
28 January 2016

Private files belonging to America’s biggest police union, including the
names and addresses of officers, forum posts critical of Barack Obama, and
controversial contracts made with city authorities, were posted online
Thursday after a hacker breached its...
 
Cross-Site Request Forgery (CSRF) Vulnerability in ManageEngine Network
 
[security bulletin] HPSBGN03533 rev.1 - HP Enterprise Cloud Service Automation and Codar, Remote Unauthorized Modification
 
ManageEngine Eventlog Analyzer v4-v10 Privilege Escalation
 
[security bulletin] HPSBHF03539 rev.1 - HPE VCX running OpenSSH or BIND, Remote Denial of Service (DoS)
 
[security bulletin] HPSBOV03540 rev.1 - HPE OpenVMS TCPIP Bind Services and OpenVMS TCPIP IPC Services for OpenVMS, Remote Disclosure of Information, Execution of Code, Denial of Service (DoS)
 
[security bulletin] HPSBHF03510 rev.1 - HP Integrated Lights-Out 2/3/4, Remote Unauthorized Modification
 
[security bulletin] HPSBGN03542 rev.1 - HPE Operations Manager for Windows using Java Deserialization, Remote Arbitrary Code Execution
 

Make finding security solutions to Shadow IT a priority, CISOs warned
IT World Canada
CISOs have to be more open to new security solutions to meet the challenge of staff signing up for cloud services behind their backs, a business and IT audience has been warned. Most infosec pros are still trying to secure the perimeter of their ...

 

Posted by InfoSec News on Jan 29

http://www.wired.com/2016/01/nsa-hacker-chief-explains-how-to-keep-him-out-of-your-system/

By Kim Zetter
Security
Wired.com
1/28/2016

IT WAS THE talk most anticipated at this year’s inaugural Usenix Enigma
security conference in San Francisco and one that even the other speakers
were eager to hear.

Rob Joyce, the nation’s hacker-in-chief, took up the ironic task of
telling a roomful of computer security professionals and academics how...
 

Posted by InfoSec News on Jan 29

http://www.timesofisrael.com/israeli-generals-said-among-1600-global-targets-of-iran-cyber-attack/

BY TIMES OF ISRAEL STAFF
January 28, 2016

Iran launched a cyber-attack targeting Israeli army generals, human rights
activists in the Persian Gulf and scientists, an Israeli cyber-security
firm said Thursday.

Gil Shwed, CEO of Check Point Software Technologies, said the attack began
two months ago and was directed at some 1,600 people...
 
Netlife Photosuite Pro - Client Side Cross Site Scripting Vulnerability
 


HSBC has been battling an apparent Distributed Denial of Service (DDoS) attack on its online banking system for the past few hours.

Many customers have been struggling to access HSBC online—via the bank's app or website—all morning.

HSBC blamed the outage on a DDoS attack, and attempted to spin the whole thing as a success story to mainstream news outlets. By way of example, witness this headline over at ITV News.


 
ProjectSend multiple vulnerabilities
 

WT VOX

Tech Toys And Child Protection - The Internet Of Toys
WT VOX
And yet, when it comes to the tech toys, the protective sensibilities seem to be forgotten. We don't care. Nobody cares if a certain tech toy manufacturer does not employ experts in infosec. Experts that could raise possible issues with the new smart ...

 

YIBADA English

VPN service providers in China may not have the same internet security like before; ExpressVPN, Astrill lacks ...
YIBADA English
It is said that VPN service providers in China, such as ExpressVPN or Astrill, may not have the same security encryption anymore. According to a report from Tech in Asia, the infamous Great Firewall of China was accessed by an Infosec professional ...

 

Posted by InfoSec News on Jan 29

http://www.networkworld.com/article/3027635/security/dhs-gao-feds-primary-network-security-weapon-needs-more-bang.html

By Michael Cooney
Layer 8
Network World
Jan 28, 2016

In the face of relenting network attacks and it seems that the
government’s chief weapon for combatting the assault lacks some teeth.

That weapon – the Department of Homeland Security's (DHS) National
Cybersecurity Protection System (NCPS)—also known as Einstein...
 

Posted by InfoSec News on Jan 29

http://www.healthcareitnews.com/news/cloud-security-roadmap-essential-healthcare-site-threats-persist-experts-say

By Jack McCarthy
Health IT News
January 28, 2016

The onset of cloud computing brought with it an information technology
revolution, allowing organizations to have their IT resources hosted off
site, reducing their costs and simplifying operations. Unfortunately, the
move to the cloud did not mean organizations could forget about...
 

Posted by InfoSec News on Jan 29

https://www.washingtonpost.com/news/capital-business/wp/2016/01/28/heres-whats-changing-in-d-c-s-hacker-community/

By Aaron Gregg
The Washington Post
January 28, 2016

Walking around Shmoocon, a D.C. cybersecurity conference in its 12th year,
one gets the impression that the hacker community is growing out of a bit
of its outrageousness.

“There’s a chaotic element to it that has really fallen off,” said
Shmoocon founder Bruce Potter....
 

When you are dealing with a huge amount of data, it can be very useful to enhance it by adding more valuable content. Examples:

  • Geolocation for IP addresses
  • Get an IP address DShield score
  • Look up domain names in a list of malicious domains
  • ...

When you are processing many URLs during a security incident investigation or while extracting IOCs from a malware sample or logs, it can also be very interesting to categorize them. The process of categorization helps to tag a URL with a label like the classic Adult Content, Government, Forums, etc. Many commercial solutions offer this feature. It can be very powerful to configure your firewall to deny access to non-business categories. But, integrated in closed solutions, it's not easy to reuse this information in your own scripts.

For years, Bluecoat has had a product called K9 that helps to protect kids surfing the web. It's free: you just get a license key and install the tool or... use the online API! I had to categorize a bunch of

    $ ./webcat.py isc.sans.org
    isc.sans.org,Education

Multiple URLs can be passed on the same command line or the script can be fed via STDIN if you use -

    $ ./webcat.py isc.sans.org blog.rootshell.be
    isc.sans.edu,Education
    blog.rootshell.be,Technology/Internet
    $ cat suspicious-urls.tmp | ./webcat.py -
    getmooresuccess.com,Business/Economy
    weddingme.net,Business/Economy
    riverbird.usa.cc,Malicious Outbound Data/Botnets
    1ntershipping.co,Malicious Outbound Data/Botnets
    secureemail.bz,Malicious Sources/Malnets
    vsreviewsa.com,Malicious Sources/Malnets
    felceconserve.com,Malicious Outbound Data/Botnets
    flashsync.cf,Uncategorized
    cy-m0ld.com,Malicious Outbound Data/Botnets
    berettitdint.ru,Malicious Outbound Data/Botnets
    vehanmace.ru,Malicious Outbound Data/Botnets
    redderbest.gq,Uncategorized
    googlemails.ga,Uncategorized
    msportf1.com,Sports/Recreation
    www.vai-t.com,Malicious Sources/Malnets
    duotthenaning.ru,Malicious Sources/Malnets
    duotthenaning.ru,Malicious Sources/Malnets
    littrecdintoft.ru,Malicious Sources/Malnets
    vsreviewsa.com,Malicious Sources/Malnets
    doncglobal.com,Malicious Outbound Data/Botnets

The API returns a hexadecimal code corresponding to the web category. That

    $ ./webcat.py -h
    usage: webcat.py [-h] [-f CACHEFILE] [-F] [URL [URL ...]]

    Categorize URL using BlueCoat K9

    positional arguments:
      URL                   the URL(s) to check. Format: fqdn[:port]

    optional arguments:
      -h, --help            show this help message and exit
      -f CACHEFILE, --file CACHEFILE
                            Categories local cache file (default: /var/tmp/categories.txt)
      -F, --force           force a fetch of categories

Before using the script, you have to register to get your K9 license and add it to the script (line 30).

Note: I'm not aware of any rate-limit in place while querying the API. During my investigations, I was never blocked.
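
To turn the categorized output into something actionable during an investigation, the following added example (not part of webcat.py or the original diary) reads lines in the "fqdn,Category" format shown above, de-duplicates hosts, and sorts them into triage buckets. The bucket names, the "Malicious " prefix rule and the sample hosts are assumptions made for illustration.

```python
from collections import defaultdict

# Assumption: any category whose label starts with "Malicious " is hostile,
# matching labels such as "Malicious Sources/Malnets" in the sample output.
MALICIOUS_PREFIXES = ("Malicious ",)
UNKNOWN = "Uncategorized"

# Constructed sample in the "fqdn,Category" format printed by the script.
SAMPLE = """\
portal.example.org,Education
shop.example.com,Business/Economy
c2.example.net,Malicious Outbound Data/Botnets
drop.example.net:8080,Malicious Sources/Malnets
DROP.example.net:8080,Malicious Sources/Malnets
new.example.info,Uncategorized
not a valid line
"""

def triage(lines):
    """Group categorized hosts into block / review / allow buckets.

    Returns (buckets, rejected) where rejected holds unparseable lines.
    """
    buckets = defaultdict(list)
    seen = set()
    rejected = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        # Split on the first comma only: the host never contains one.
        host, sep, category = line.partition(",")
        host, category = host.strip().lower(), category.strip()
        if not sep or not host or not category or " " in host:
            rejected.append(line)
            continue
        if host in seen:          # the same host can appear several times
            continue
        seen.add(host)
        if category.startswith(MALICIOUS_PREFIXES):
            buckets["block"].append((host, category))
        elif category == UNKNOWN:
            buckets["review"].append((host, category))  # needs manual analysis
        else:
            buckets["allow"].append((host, category))
    return dict(buckets), rejected

if __name__ == "__main__":
    result, bad = triage(SAMPLE.splitlines())
    for verdict in ("block", "review", "allow"):
        for host, category in result.get(verdict, []):
            print(f"{verdict:6} {host:28} {category}")
    print("rejected:", bad)
```

Uncategorized hosts are kept in their own bucket rather than treated as benign, since a missing category says nothing about whether the host is safe.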

Xavier Mertens
ISC Handler - Freelance Security Consultant

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

 
CVE-2015-7521: Apache Hive authorization bug disclosure
 
[security bulletin] HPSBHF03538 rev.1 - HPE iMC Service Health Manager (SHM) and iMC PLAT running Adobe Flash, Remote Code Execution, Denial of Service (DoS)
 
[security bulletin] HPSBHF03535 rev.3 - HPE iMC Service Health Manager (SHM) and iMC PLAT running Adobe Flash, Multiple Remote Vulnerabilities
 
Internet Storm Center Infocon Status