Hackin9

InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Two names that have been out of the limelight recently turned up on Tuesday at the U.S. Federal Communications Commission: bankrupt would-be mobile broadband carrier LightSquared and former FCC Chairman Kevin Martin, who was helping to sell LightSquared's story to the agency.
 
Oracle Java Runtime Environment CVE-2012-3136 Remote Code Execution Vulnerability
 
The latest update fixes widely exploited zero-day vulnerabilities. Metasploit manager praises company for fast turnaround.

 
On the heels of controversial changes to its developer platform, Twitter is debuting a certification program for third-party business applications that the company deems particularly good and useful.
 
At a Computerworld Hong Kong event years ago, I heard a senior executive explain how online retailer Amazon re-engineered their e-commerce process for the Christmas gift-giving season.
 
Oracle database customers running version 11g Release 1 have until the end of this month to upgrade, or else face increased annual maintenance fees.
 
The Electronic Frontier Foundation has filed a lawsuit seeking details about U.S. National Security Agency surveillance of email and telephone calls, with the lawsuit raising concerns that the agency has illegally targeted U.S. citizens.
 
New Windows RT tablets announced at the IFA trade show in Berlin have intensified competition among ARM-based chip makers, which are adding unique capabilities to processors so tablets become more attractive to buyers based on performance and features.
 
The company has released Java 7 Update 7 with fixes to block the vulnerabilities, which allowed attackers to completely disable the Java security model.


 
Sen. Dianne Feinstein, chairman of the Senate Intelligence Committee, wants President Obama to issue an executive order aimed at protecting the nation's critical infrastructure against cyber threats.
 
Apple's OS X Mountain Lion now powers more than 10% of all Macs, and may be on the way to outdoing its predecessor, Lion, in adoption speed, an online advertising network said today.
 
Google may be moving too slowly in building up Google Apps' enterprise social networking (ESN) features, at a time when this type of software has become a key component in workplace collaboration suites.
 
ESA-2012-038: EMC NetWorker Format String Vulnerability
 
[ MDVSA-2012:148 ] ffmpeg
 
Oracle today issued an emergency update to patch the critical vulnerabilities hackers have been using in increasing numbers to hijack Windows PCs.
 
Applied Micro lifted the curtain on its 64-bit ARM-based server platform at the Hot Chips conference this week and ignited a debate about whether ARM is the right architecture for the data center.
 
Three book publishers will pay more than $69 million to U.S. states to settle charges they collaborated to fix prices of e-books.
 
SEC Consult SA-20120829-0 :: Symantec Messaging Gateway - Support Backdoor
 
[ MDVSA-2012:074-1 ] ffmpeg
 
A short while ago, Oracle released updates for both Java 6 and Java 7 in response to the critical 0-day vulnerabilities discussed earlier this week, as well as two other security issues.
US-CERT has reported that applying Java 7 Update 7 will solve the security issues discussed at http://www.kb.cert.org/vuls/id/636312
More information is available at http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html
Scott Fendley, ISC Handler
 
The two best-known virtualization products for the Mac, Parallels Desktop for Mac and Fusion, have both now produced updates optimized for the upcoming Windows 8.
 
Feel that chill? That's not the end of summer approaching; it's the beginning of another school year. With student budgets in mind, what's this year's must-have back-to-school gadget?
 
Enterprise software rivals Red Hat and Oracle, along with a number of other software and online services providers, have collaborated on a standard that they hope will ease the use of PaaS (platform as a service) among customers.
 
Symantec Messaging Gateway SSH Default Password Security Bypass Vulnerability
 
 
AT&T hopes its new flagship retail store on the Magnificent Mile in Chicago is, well, magnificent. The 10,000-square-foot store opens Saturday.
 
Security researchers from Kaspersky Lab have uncovered information suggesting a possible link between the mysterious malware that attacked Iranian oil ministry computers in April and the Stuxnet and Duqu cyberespionage threats.
 
 
The company behind Java has apparently known about the problems at the heart of the current 0-day alerts for four months but has yet to take action.


 
Novell ZENworks Configuration Management 'DoFindReplace()' Method Buffer Overflow Vulnerability
 
TomatoCart 'example_form.ajax.php' Cross Site Scripting Vulnerability
 
China will overtake the U.S. as the global leader in smartphone shipments this year, according to IDC.
 
The recent move by Microsoft to compete against its computer-maker partners and launch its own tablet PC is a good thing for the market, a senior executive of Lenovo said Thursday at the IFA consumer electronics show in Berlin.
 
Mobile variants of the commercial FinFisher trojan target BlackBerry, Windows Mobile, Symbian, Android and iOS devices. Apparently, the spyware is already active; researchers have found ten command & control servers.


 
[security bulletin] HPSB3C02809 SSRT100377 rev.1 - HP iNode Management Center, Remote Execution of Arbitrary Code
 
The Kindle Fire has been snuffed out -- in a good way.
 
Pholium is an iPad app designed to create virtual books of your photos. The app, in turn, is linked to an online service that lets you share your books with friends. Pholium 1.3, the newest version, includes a number of major improvements over previous versions, and a price drop to free.
 
FreeBSD SCTP NULL Pointer Dereference Remote Denial of Service Vulnerability
 
SAP Netweaver 'SAPHostControl' Service Remote Code Execution Vulnerability
 
------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Twitter
 
Tigase XMPP Server Dialback Protection Bypass Component Security Bypass Vulnerability
 
Lenovo is challenging Google's Nexus 7 tablet with a new range of affordable IdeaTab tablets, which start at $299 and have the Android 4.0 OS.
 
President Barack Obama, currently on the campaign trail ahead of the upcoming November elections, made a brief virtual appearance on Reddit, a popular online discussion site, on Wednesday.
 
Cisco Systems is modifying the licensing options for its Unified Communications Manager's UC Release 9.0 in an attempt to simplify the process and make the use of a variety of client devices easier, the company said on Thursday.
 

Will cyberattacks define the future of war?
Network World
Both, say experts in cyber conflict, in response to a recent article, titled "U.S. Admits to Cyber Attacks: The Future of Conflict," by security specialist Pierluigi Paganini, writing at Infosec Island. Those experts take issue with Paganini's example ...

 
HP Intelligent Management Centre 'img.exe' Remote Code Execution Vulnerability
 
The 2012 Republican Party platform adopted this week calls for a more aggressive U.S. cyber deterrence policy for dealing with security threats against government and civilian targets.
 
Dutch ministries can keep using social networking tool Yammer for internal communication despite worries in the parliament that data could secretly be seized by U.S. law enforcement agencies under the U.S. Patriot Act, Liesbeth Spies, minister of the Interior and Kingdom Relations, said on Wednesday.
 
Samsung Electronics showed two of its upcoming TVs at the IFA trade show on Thursday, the 55-inch OLED ES9500 and the ES9000, an LED TV with a 75-inch screen.
 
After Apple removed Bitdefender's "Clueful" iOS app from the App Store in June, the security software company has released it as a free web application.


 
HP iNode Management Center 'iNodeMngChecker.exe' Remote Stack Buffer Overflow Vulnerability
 

Last week I posted a diary about analyzing outgoing network traffic and asked our readers to comment on which data sources they use when monitoring the outbound connections our users establish.

Besides the sources I listed in the original diary, we got quite a few comments and some good questions, so I'm combining all of these in this second diary:

Emerging Threats RBN list: http://doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
ET's compromised IPs list: http://rules.emergingthreats.net/open/suricata/rules/compromised-ips.txt
All abuse.ch trackers: Zeus (https://zeustracker.abuse.ch/), SpyEye (https://spyeyetracker.abuse.ch/), Palevo (https://palevotracker.abuse.ch/)
... or ET's list of bot C&Cs, which combines the abuse.ch trackers and Shadowserver: http://rules.emergingthreats.net/open/suricata/rules/botcc.rules
http://www.malwaredomainlist.com/mdl.php - a good malware domain/IP address list. There does not appear to be a list you can download, but you can keep up to date through the RSS feeds they offer.
Spamhaus' Don't Route or Peer List (DROP): http://www.spamhaus.org/drop/
Alienvault also has a free IP reputation list available at https://reputation.alienvault.com/reputation.generic
Shadowserver has a great list available at http://www.shadowserver.org/wiki/pmwiki.php/Services/Downloads - you have to register, though, and can see only information about your own networks contacting known C&Cs.


These include the lists I verified in the meantime; for more, check the comments on the first diary.

One of our readers, Arnim, also asked about a potentially very useful list of IP addresses belonging to remote access services such as LogMeIn, NetViewer and similar. I'm not aware of such a list, but it would be very useful. Emerging Threats has something similar, a list of outgoing Tor nodes, but that only helps you figure out whether someone who visited your network used Tor. The list is available at http://rules.emergingthreats.net/open/suricata/rules/tor.rules
Thanks to everyone that submitted their comments, including Christian, Ben, Arnim, Hal, Matt, Brent and many others.

--

Bojan

INFIGO IS
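As an added example (not part of Bojan's diary and not ISC tooling), the Python script below shows one way to put lists like the ones above to work: it loads a Spamhaus DROP-style feed (one "CIDR ; SBL reference" per line) and a bare-IP feed (the Emerging Threats compromised-IPs format) into a lookup table indexed by prefix length, then runs outbound firewall records against it, reporting the most specific listed network for each destination. Every feed line, SBL reference, connection record and the definition of "internal" ranges is constructed or assumed for the example, not copied from the real lists.

```python
"""Check outbound connections against threat-intelligence IP lists.

Added example for the diary above; not ISC's code. The feed snippets and
connection records are constructed. The feed formats copy what the real
lists look like: Spamhaus DROP uses 'CIDR ; SBL reference' lines and
Emerging Threats' compromised-IPs file is one bare IP per line.
"""
import ipaddress
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# Constructed feed snippets: prefixes are RFC 5737 documentation ranges and
# the SBL references are made up.
DROP_FEED = """; Spamhaus DROP List (constructed sample)
203.0.113.0/24 ; SBL000001
198.51.100.0/25 ; SBL000002
not-a-prefix ; malformed line that a loader must tolerate
"""
COMPROMISED_FEED = """# ET compromised IPs (constructed sample)
198.51.100.23
192.0.2.77
"""

# Assumption: RFC 1918 space is 'ours'; anything else is an external destination.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed firewall export in key=value form (src/dst/dport are what we need).
CONNECTION_LOG = """\
2012-08-30T10:15:02Z action=allow src=10.1.2.3 dst=203.0.113.7 dport=443 proto=tcp
2012-08-30T10:15:05Z action=allow src=10.1.2.3 dst=192.168.5.5 dport=445 proto=tcp
2012-08-30T10:15:09Z action=allow src=10.1.2.9 dst=198.51.100.23 dport=8080 proto=tcp
2012-08-30T10:15:11Z action=allow src=10.1.7.4 dst=192.0.2.10 dport=53 proto=udp
2012-08-30T10:15:15Z action=allow src=10.1.2.3 dst=198.51.100.200 dport=80 proto=tcp
"""
LOG_LINE = re.compile(r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)")


class Hit(NamedTuple):
    src: str
    dst: str
    dport: int
    network: str
    source: str
    note: str


class IPBlocklist:
    """Entries keyed by (ip version, prefix length): a lookup is one dict
    probe per distinct prefix length instead of a scan of every entry, which
    matters once a botcc list with thousands of /32s is loaded."""

    def __init__(self) -> None:
        self._by_len: Dict[Tuple[int, int], Dict[object, Tuple[str, str]]] = {}

    def load(self, feed_text: str, source: str) -> int:
        """Parse 'prefix[ ; note]' lines. Comment lines ('#' or ';') and
        malformed prefixes are skipped rather than aborting the whole load."""
        added = 0
        for raw in feed_text.splitlines():
            line = raw.strip()
            if not line or line[0] in "#;":
                continue
            prefix, _, note = line.partition(";")
            try:
                net = ipaddress.ip_network(prefix.strip(), strict=False)
            except ValueError:
                continue
            self._by_len.setdefault((net.version, net.prefixlen), {})[net] = (source, note.strip())
            added += 1
        return added

    def lookup(self, ip: str) -> Optional[Tuple[str, str, str]]:
        """Most specific match first; returns (network, source, note) or None."""
        addr = ipaddress.ip_address(ip)
        for version, plen in sorted(self._by_len, reverse=True):
            if version != addr.version:
                continue
            net = ipaddress.ip_network((addr, plen), strict=False)
            meta = self._by_len[(version, plen)].get(net)
            if meta is not None:
                return str(net), meta[0], meta[1]
        return None


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def scan_connections(log_text: str, blocklist: IPBlocklist) -> List[Hit]:
    """Report each outbound record (internal src, external dst) whose
    destination falls inside a listed network."""
    hits: List[Hit] = []
    for line in log_text.splitlines():
        m = LOG_LINE.search(line)
        if not m:
            continue
        src, dst, dport = m["src"], m["dst"], int(m["dport"])
        if is_internal(dst) or not is_internal(src):
            continue  # internal-to-internal or inbound traffic is out of scope here
        match = blocklist.lookup(dst)
        if match:
            hits.append(Hit(src, dst, dport, *match))
    return hits


def build_blocklist() -> IPBlocklist:
    bl = IPBlocklist()
    bl.load(DROP_FEED, "spamhaus-drop")
    bl.load(COMPROMISED_FEED, "et-compromised")
    return bl


if __name__ == "__main__":
    for h in scan_connections(CONNECTION_LOG, build_blocklist()):
        print(f"{h.src} -> {h.dst}:{h.dport} matched {h.network} [{h.source}] {h.note}".rstrip())
```

Two details are worth noting when adapting this to a real feed pull: the bare /32 from the compromised-IPs file wins over the enclosing DROP /25 because the lookup walks from the longest prefix down, so the most actionable source is reported; and 198.51.100.200 produces no hit because it lies outside 198.51.100.0/25, a boundary check that a naive string-prefix comparison on the dotted quad would get wrong.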
 
Dell is back in the tablet market after laying low for a few months, announcing the XPS 10 tablet, which has an ARM processor and Microsoft's upcoming Windows RT OS.
 
HTC has launched the Desire X, which has integrated cloud storage and a camera that can shoot video and take pictures at the same time, the company said on Thursday.
 
You want the best and the brightest money can buy. Or do you? In fact, you're better served by a group of developers with mixed skill levels who focus on getting the job done
 
Windows Azure Mobile Services connects Windows 8-based client and mobile apps to scalable cloud; will include Android and iOS
 
Acer said on Thursday the company plans to put a greater emphasis on marketing while developing its products, as the Taiwanese PC maker appointed a new chief marketing officer.
 
These 10 task managers for Android and iOS can help keep your to-do list reasonable and achievable.
 
Western Digital today released two new external hard drives, one of which it says has the performance of a solid-state drive at less than half the cost.
 
IBM Infosphere Guardium Administrative Account Cross Site Request Forgery Vulnerability
 

Will cyberattacks define the future of war?
CSO
Both, say experts in cyber conflict, in response to a recent article, titled "U.S. Admits to Cyber Attacks: The Future of Conflict," by security specialist Pierluigi Paganini, writing at Infosec Island. Those experts take issue with Paganini's example ...

 
A former Motorola employee, charged with the theft of trade secrets from the company, was sentenced by a federal court in Illinois on Wednesday to four years in federal prison, the U.S. Department of Justice said.
 
Hewlett-Packard on Thursday announced an Envy X2 tablet-laptop hybrid device with the Windows 8 OS, signaling the company's re-entry into the consumer tablet market, which it abandoned after the highly publicized failure of its TouchPad product.
 
Multiple Products Cookie Authentication Bypass Vulnerability
 

Posted by InfoSec News on Aug 29

http://www.chicagotribune.com/business/breaking/chi-exengineer-gets-xxx-for-stealing-secrets-from-motorola-20120829,0,1785719.story

By Ameet Sachdev
Tribune reporter
August 29, 2012

A former Motorola software engineer who lived in Schaumburg was
sentenced Wednesday to four years in prison for stealing trade secrets
from the company.

Hanjuan Jin was found guilty in February on three counts of theft of
trade secrets but was cleared of...
 

Posted by InfoSec News on Aug 29

http://news.techworld.com/security/3378413/toyota-accuses-fired-worker-of-major-security-breach/

By John E Dunn
Techworld
29 August 2012

Car maker Toyota has filed a lawsuit against a worker it claims attacked
the company's US parts supply website as retribution for being fired.

Alleged bad behaviour by workers and former workers is common but the
speed at which events have unfolded in this case is still unusual.

The accused, Indian...
 

Posted by InfoSec News on Aug 29

http://www.csoonline.com/article/714997/oft-cited-cybercrime-cost-estimates-hosed-down

By Taylor Armerding
CSO
August 29, 2012

President Obama said it in a major speech on cybersecurity. U.S.
Senators said it while promoting their Cyber Security Act of 2012. Gen.
Keith Alexander, director of the National Security Agency and head of
the U.S. Cyber Command said it while warning of "the greatest transfer
of wealth in history,"...
 

Posted by InfoSec News on Aug 29

http://arstechnica.com/security/2012/08/critical-java-bugs-reported-4-months-ago/

By Dan Goodin
Ars Technica
Aug 29, 2012

Oracle engineers were briefed on critical vulnerabilities in the Java
software framework more than four months before the flaws were exploited
in malware attacks that take complete control of end-user computers,
according to a published report.

Poland-based Security Explorations privately alerted Oracle to the bugs
on...
 

Posted by InfoSec News on Aug 29

http://www.darkreading.com/database-security/167901020/security/attacks-breaches/240006411/lessons-in-campus-cybersecurity.html

By Kelly Jackson Higgins
Dark Reading
Aug 28, 2012

The University of Nebraska had just deployed a new security information
event management (SIEM) system when an undergraduate student there
apparently broke into the school's student information system, exposing
sensitive information of 654,000 students, alumni,...
 