
Redmond reinstates infosec mailing list
Register
Redmond reversed an announcement Friday that it would shutter the Advanced Notification Service mailing list which would have forced email fans to get their infosec fix from Microsoft's RSS or social media feeds. In an email last night Microsoft said ...

 

Infosec channel managers play musical chairs in Australia
CRN Australia
Check Point has announced Nigel Gutschlag as its new Australian channel boss, filling a role left vacant after the departure of Sean Abbott to Trend Micro. Abbott left Check Point and took up the role of Australian and New Zealand enterprise sales ...

 
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Apple today released patches for most (all?) of its operating systems. For more details from Apple, see http://support.apple.com/kb/ht1222.

- OS X has been updated to 10.9.4 (Security Update 2014-003). The security update is also available for older versions of OS X.
- Safari has been updated to 6.1.5 and 7.0.5
- iOS has been updated to 7.1.2
- Apple TV has been updated to 6.2.

The largest common source of patches for all of these products is WebKit. The updates should be applied in a timely manner. There is no indication at this point of active exploits. The iOS update also patches a problem that would allow an attacker to bypass activation lock, as well as a lock screen bypass that was demoed publicly a couple of weeks ago.

---
Johannes B. Ullrich, Ph.D.

 
Eastern European-based attackers gained access to the networks of energy providers by tampering with software updates for industrial control systems, gaining a foothold that could be used for sabotage, Symantec said Monday.
 
Microsoft has taken legal action to combat the spread of malware that the company says can be traced to bad actors in Kuwait and Algeria.
 
Google has launched a new site, CookieChoices.org, to help visitors of European sites learn more about the digital breadcrumbs they leave behind through cookies.
 

Millions of legitimate servers that rely on dynamic domain name services from No-IP.com suffered outages on Monday after Microsoft seized 22 domain names it said were being abused in malware-related crimes against Windows users.

Microsoft enforced a federal court order making the company the domain IP resolver for the No-IP domains. Microsoft said the objective of the seizure was to identify and reroute traffic associated with two malware families that abused No-IP services. Almost immediately, end-users, some of whom were actively involved in Internet security, castigated the move as heavy-handed, since there was no evidence No-IP officially sanctioned or actively facilitated the malware campaign, which went by the names Bladabindi (aka NJrat) and Jenxcus (aka NJw0rm).

"By becoming the DNS authority for those free dynamic DNS domains, Microsoft is now effectively in a position of complete control and is now able to dictate their configuration," Claudio Guarnieri, co-founder of Radically Open Security, wrote in an e-mail to Ars Technica. "Microsoft fundamentally swept away No-IP, which has seen parts of its own DNS infrastructure legally taken away."


 
WebKit Multiple Unspecified Memory Corruption Vulnerabilities
 
WebKit CVE-2014-1731 Unspecified Memory Corruption Vulnerability
 
ESA-2014-060: EMC Documentum eRoom Multiple Cross-Site Scripting Vulnerabilities
 
WebKit CVE-2014-1346 Cross-Origin Security Bypass Vulnerability
 
A recent report from the U.S. intelligence director that provides the number of surveillance targets in 2013 is not specific enough to provide the transparency the nation's residents need, two senators said.
 
As a consumer advocate my heart is with Aereo, a startup that uses tiny antennas (pictured below) to capture broadcast airwaves and stream those signals to users who pay about $8 a month. But as a "content creator" my head is with the broadcasters and the Supreme Court on this one.
 
With a number of high-profile security breaches making headlines of late, organizations are increasingly realizing they must beef up their security teams or risk catastrophe. Matt Comyns, global co-head of the Cybersecurity practice at Russell Reynolds Associates, an executive leadership and search firm, sat down with CIO.com to discuss the changing role of the Chief Information Security Officer (CISO), the global cybersecurity landscape and why finding and retaining elite security talent is critical.
 
Will your choice of phablet determine the mobile ecosystem you get locked into for health and fitness tracking, automobile navigation and home entertainment?
 
APPLE-SA-2014-06-30-4 Apple TV 6.1.2
 
APPLE-SA-2014-06-30-3 iOS 7.1.2
 
APPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update 2014-003
 
APPLE-SA-2014-06-30-1 Safari 6.1.5 and Safari 7.0.5
 
The U.S. Supreme Court declined to throw out a class-action lawsuit against Google for sniffing Wi-Fi networks with its Street View cars.
 
You will likely see more ads on your Twitter feed that link to mobile apps in the Apple and Google stores.
 
Xen 'gnttab_setup_table' Information Disclosure Vulnerability
 
Users and analysts were in an uproar over the news that Facebook manipulated users' News Feeds to conduct a weeklong psychological study that affected about 700,000 people.
 
Symantec

Researchers have uncovered a malware campaign that gave attackers the ability to sabotage the operations of energy grid owners, electricity generation firms, petroleum pipelines, and industrial equipment providers.

Called Dragonfly, the hacking group managed to install one of two remote access trojans (RATs) on computers belonging to energy companies located in the US and at least six European countries, according to a research report published Monday by Symantec. One of the RATs, called Havex, was spread by hacking the websites of companies selling software used in industrial control systems (ICS) and waiting for companies in the energy and manufacturing industries to install booby-trapped versions of the legitimate apps.

"This campaign follows in the footsteps of Stuxnet, which was the first known major malware campaign to target ICS systems," the Symantec report stated. "While Stuxnet was narrowly targeted at the Iranian nuclear program and had sabotage as its primary goal, Dragonfly appears to have a much broader focus with espionage and persistent access as its current objective with sabotage as an optional capability if required."


 
Oracle is hoping it can attract more developers with MAF (Mobile Application Framework), which aims to simplify the development of cross-platform enterprise apps for smartphones and tablets.
 
Hewlett-Packard is in "serious" talks about settling a lawsuit brought by shareholders over its troubled acquisition of infrastructure software vendor Autonomy.
 
San Francisco and San Jose are now at the cutting edge of another tech trend, and one that has nothing to do with smartwatches or social-media startups -- not directly, at least.
 
There is yet another reason to be wary of spam email about bank transfers or invoices -- it could be carrying a new, cleverly designed malware program that steals financial information.
 
Hoping to simplify life for system administrators, CoreOS has launched a commercial Linux distribution that continually updates itself, eliminating the need to perform major upgrades.
 
 
LinuxSecurity.com: Multiple vulnerabilities have been found in the IcedTea JDK, the worst of which could lead to arbitrary code execution.
 
LinuxSecurity.com: Security Report Summary
 
LinuxSecurity.com: Multiple vulnerabilities have been found in Konqueror, the worst of which may allow execution of arbitrary code.
 
LinuxSecurity.com: A vulnerability has been found in sudo allowing a local attacker to gain elevated privileges.
 
LinuxSecurity.com: Several security issues were fixed in the kernel.
 
LinuxSecurity.com: Several security issues were fixed in the kernel.
 
LinuxSecurity.com: Several security issues were fixed in the kernel.
 
LinuxSecurity.com: Several security issues were fixed in the kernel.
 
LinuxSecurity.com: Several security issues were fixed in the kernel.
 
LinuxSecurity.com: Multiple vulnerabilities have been discovered in KDE Libraries, the worst of which could lead to man-in-the-middle attacks.
 
LinuxSecurity.com: Security Report Summary
 
LinuxSecurity.com: Multiple vulnerabilities have been found in Wireshark, the worst of which allows remote attackers to execute arbitrary code.
 
ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities
 
ESA-2014-055: EMC Network Configuration Manager (NCM) Session Fixation Vulnerability
 
[SECURITY] [DSA 2970-1] cacti security update
 

During last week's ISC handler panel at SANSFIRE, we had a lot more questions than we could answer. So I am trying to post some of these questions here over the next few days/weeks and please, chime in and give your answers as well. The questions will use the tag "SANSFIRE" and will also be labeled as such in the subject.

The first question we got: "How would one justify to management that setting up honeypots on the network is a good idea?"

The goal of having a honeypot is to learn more about your attackers. A honeypot will only see malicious traffic, making it easy to spot attacks. You can use data from successful attacks against a honeypot to derive indicators of compromise that are then used to detect similar attacks against business systems. Without the honeypot, it would be very difficult to spot these attacks due to all the other traffic a business system sees.

First of all, if you do set up a honeypot, make sure you do so correctly. The last thing you would like to have happen is for the honeypot to pose a risk to your network. Overall, there are a number of different kinds of honeypot. You could set up a "full interaction" honeypot. This is usually a vulnerable host complete with operating system and respective software. These full interaction honeypots do need a lot of care and supervision. They can easily be turned against you. If you decide to set one up: Don't make it too vulnerable. Configure it similar to your production system. The goal is not to find "any" attacker, but attackers that matter.

As an alternative to a full interaction honeypot, you may want to consider a medium-interaction honeypot. These honeypots simulate vulnerable services. They are a lot easier to maintain and generally safer. One such honeypot we discussed in the past is kippo, which simulates a vulnerable ssh server. The problem with these honeypots is that they are easily spotted by a sophisticated attacker. But they do allow you to collect malware attackers upload (so you can search for it on other systems).

Lastly, and in my opinion one of the most useful honeypots, is what some people call "honeytokens". Instead of dedicating a machine to the task of being a honeypot, you add little trap doors to existing applications. 2-3 such trap doors can do a good job identifying attackers who go the extra mile and do some manual work, vs. just running nmap/nessus and similar tools against your site.
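As an added illustration of the honeytoken idea (this is example code, not part of the ISC diary and not any particular product's implementation), the script below scans web server access logs for requests that touch decoy resources. The decoy paths and the decoy account name are hypothetical, chosen only for the example, and the log lines are constructed; the point is that because nothing legitimate ever references these tokens, a single hit is a high-confidence alert, and the summary by source address makes it easy to see which visitor touched several of them.

```python
import re
from collections import defaultdict

# Hypothetical honeytokens planted in an existing web application (example
# values, not from the diary). Nothing legitimate links to these paths and no
# real person uses this account, so any request touching one is suspicious.
HONEYTOKEN_PATHS = {"/admin-backup.zip", "/.git/config", "/api/v1/internal/keys"}
HONEYTOKEN_USERS = {"svc_backup_legacy"}

# Common Log Format, including the authenticated-user field (third column).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample log (RFC 5737 documentation addresses), including a
# malformed line to show the parser tolerates noise.
SAMPLE_LOG = """\
203.0.113.7 - - [30/Jun/2014:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 1234
203.0.113.7 - - [30/Jun/2014:10:01:05 +0000] "GET /admin-backup.zip HTTP/1.1" 404 512
198.51.100.23 - - [30/Jun/2014:10:02:10 +0000] "GET /products HTTP/1.1" 200 3456
198.51.100.23 - svc_backup_legacy [30/Jun/2014:10:02:15 +0000] "GET /reports HTTP/1.1" 401 0
203.0.113.7 - - [30/Jun/2014:10:01:09 +0000] "GET /.git/config HTTP/1.1" 404 512
192.0.2.55 - - [30/Jun/2014:10:03:00 +0000] "POST /login HTTP/1.1" 302 0
this line is garbage and must not crash the parser
"""


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def find_honeytoken_hits(log_text):
    """Return one dict per request that touched a honeytoken path or account."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        # Compare the path without any query string, so "?x=1" cannot hide a hit.
        path = rec["path"].split("?", 1)[0]
        if path in HONEYTOKEN_PATHS:
            hits.append({"ip": rec["ip"], "ts": rec["ts"], "token": path})
        if rec["user"] in HONEYTOKEN_USERS:
            hits.append({"ip": rec["ip"], "ts": rec["ts"],
                         "token": "user:" + rec["user"]})
    return hits


def summarize(hits):
    """Group hits by source address -> sorted list of distinct tokens touched."""
    by_ip = defaultdict(set)
    for h in hits:
        by_ip[h["ip"]].add(h["token"])
    return {ip: sorted(tokens) for ip, tokens in by_ip.items()}


if __name__ == "__main__":
    for ip, tokens in summarize(find_honeytoken_hits(SAMPLE_LOG)).items():
        print(f"ALERT {ip} touched {len(tokens)} honeytoken(s): {', '.join(tokens)}")
```

Run as-is it reports two sources: one that requested two decoy paths and one that presented the decoy account name. In practice the same check can be fed from a log shipper or a SIEM rule; the decoys themselves should return an ordinary error page so that nothing distinguishes them from a real missing file.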

Does anybody here have a success story about how data collected from a honeypot became useful?

---
Johannes B. Ullrich, Ph.D.

 
The wait is almost over for early adopters of Blackphone, an Android-based smartphone that promises enhanced privacy and security.
 
Following Wednesday's adverse Supreme Court decision, Aereo will suspend its online service, which lets its subscribers watch "over the air" broadcast television via the Web.
 
The hunt for memory technology to replace NAND flash storage within the next 10 years is under way, and startup Crossbar is planning to bring its version of RRAM (resistive random-access memory) technology to market next year.
 
No enterprise is an island. In a connected world, a business cannot function without multiple relationships with third parties -- outside vendors, contractors, affiliates, partners and others.
 
At the Google I/O conference last week, the company vigorously lobbied developers to adopt a new programming model, one that could, the company asserted, make it radically easier to build Web applications.
 
IT research firm Gartner has cut its forecast for global IT spending by about one-third for this year, blaming a tougher competitive environment and subsequent pressure on vendors to lower prices.
 
As Google last week introduced new features for its online and Android productivity apps, it also quietly announced that it has halted development on Quickoffice and would soon pull the free software from the Google Play store and Apple's App Store.
 
The Internet of Things is producing a lot of interesting consumer products that have the potential to lead to important enterprise tools. Here is a basic overview of the concept, together with examples of available products and what they offer.
 
What can Internet of Things products bring to your home? Here are the features offered by 14 of the major vendors.
 
A new California law removes a ban on using currencies other than the U.S. dollar, which is intended to accommodate the growing use of alternative payment methods such as bitcoin.
 