Information Security News
I had the pleasure of attending DerbyCon 4.0 (Family Rootz) this past Friday and Saturday and can tell you that if you haven't already attended yourself, plan to do so next year. Aside from the smaller and more encompassing "family" feel, an intentional and protected approach strongly advocated for by @HackingDave and the great @DerbyCon team, you'll also be contributing to Hackers For Charity (HFC). For those of you who couldn't attend but are interested in some of the outstanding content, Adrian Crenshaw (@irongeek_adc) and his team always shoot video of each presentation. For DerbyCon 4.0 they've posted the videos to the Irongeek site here.
There are so many great talks to choose from but I'll share a few that really resonated with me given current interest or focus areas:
Attacking Microsoft Kerberos: Kicking the Guard Dog of Hades - Tim Medin
Abusing Active Directory in Post-Exploitation - Carlos Perez
Ball and Chain (A New Paradigm in Stored Password Security) - Benjamin Donnelly and Tim Tomes
Third Party Code: FIX ALL THE THINGS - Kymberlee Price and Jake Kouns
You should also, in the simple name of humanity, watch Johnny Long's keynote, Hackers saving the world from the zombie apocalypse.
Great conference, great people, great presentations; take the time to watch as many of the videos as possible, and see if you can get a ticket next year when DerbyCon comes around again.
by Robert Lemos
In late September, advertisements appearing on a host of popular news and entertainment sites began serving up malicious code, infecting some visitors' computers with a backdoor program designed to gather information on their systems and install additional malicious code.
The attack affected visitors to The Jerusalem Post, The Times of Israel, The Hindustan Times, Internet music service Last.fm, and India-focused movie portal Bollywood Hungama, among other popular sites. At the center of the malware campaign: the compromise of San Francisco-based Internet advertising network Zedo, an advertising provider for the sites, whose network was then used to distribute malicious ads.
For ten days, the company investigated multiple malware reports, retracing the attacker's digital footsteps to identify the malicious files and shut the backdoor to its systems.
by Sean Gallagher
Over the past few days, Apple, Red Hat, and others have pushed out patches to vulnerabilities in the GNU Bourne Again Shell (bash). The vulnerabilities previously allowed attackers to execute commands remotely on systems that use the command parser under some conditions—including Web servers that use certain configurations of Apache. However, some of the patches made changes that broke from the functionality of the GNU bash code, so now debate continues about how to “un-fork” the patches and better secure bash.
At the same time, the urgency of applying those patches has mounted as more attacks that exploit the weaknesses in bash’s security (dubbed “Shellshock”) have appeared. In addition to the threat first spotted the day after the vulnerability was made public, a number of new attacks have emerged. While some appear to simply be vulnerability scans, there are also new exploit attempts that carry malware or attempt to give the attacker direct remote control of the targeted system.
On Monday, the SANS Technology Institute’s Internet Storm Center (ISC) elevated its INFOcon threat level—a measure of the danger level of current Internet “worms” and other threats based on Internet traffic—to Yellow. This level indicates an attack that poses a minor threat to the Internet’s infrastructure as a whole with potential significant impact on some systems. Johannes Ullrich, Dean of Research at SANS, noted that six exploits based on Shellshock have been recorded by the ISC’s servers and “honeypot” systems. (A honeypot is a virtual or physical computer system set up to entice attackers and record their actions.)
Posted by InfoSec News on Sep 30: http://www.infosecnews.org/ab-acquisition-llc-and-supervalu-inc-annouce-second-hacking-incident-involving-payment-card-data-processing/
Posted by InfoSec News on Sep 30: http://www.bankinfosecurity.com/shellshock-ddos-attacks-spike-a-7365
Posted by InfoSec News on Sep 30: http://www.koreaherald.com/view.php?ud=20140929000954
Posted by InfoSec News on Sep 30: http://www.zdnet.com/fbi-releases-malware-investigator-portal-to-industry-players-7000034186/
Posted by InfoSec News on Sep 30: http://www.computerworld.com/article/2688809/ceo-indicted-for-companys-alleged-mobile-spyware-app.html