# Krebs On Security

  • Fraudsters Steal Tax, Salary Data From ADP Tue, 03 May 2016 17:04:15 +0000
    Identity thieves stole tax and salary data from payroll giant ADP by registering accounts in the names of employees at more than a dozen customer firms, KrebsOnSecurity has learned. ADP says the incidents occurred because the victim companies all mistakenly published sensitive ADP account information online that made those firms easy targets for tax fraudsters.
  • How the Pwnedlist Got Pwned Mon, 02 May 2016 11:13:36 +0000
    Last week, I learned about a vulnerability that exposed all 866 million account credentials harvested by pwnedlist.com, a service designed to help companies track public password breaches that may create security problems for their users. The vulnerability has since been fixed, but this simple security flaw may have inadvertently exacerbated countless breaches by preserving the data lost in them and then providing free access to one of the Internet's largest collections of compromised credentials.
  • A Dramatic Rise in ATM Skimming Attacks Fri, 29 Apr 2016 15:42:36 +0000
    Skimming attacks on ATMs increased at an alarming rate last year for both American and European banks and their customers, according to recent stats collected by fraud trackers. The trend appears to be continuing into 2016, with outbreaks of skimming activity visiting a much broader swath of the United States than in years past.

# Bruce Schneier's blog

  • $7 Million Social Media Privacy Mistake Wed, 04 May 2016 14:28:45 -0500
    Forbes estimates that football player Laremy Tunsil lost $7 million in salary because of an ill-advised personal video made public....
  • Credential Stealing as an Attack Vector Wed, 04 May 2016 06:51:25 -0500
    Traditional computer security concerns itself with vulnerabilities. We employ antivirus software to detect malware that exploits vulnerabilities. We have automatic patching systems to fix vulnerabilities. We debate whether the FBI should be permitted to introduce vulnerabilities in our software so it can get access to systems with a warrant. This is all important, but what's missing is a recognition that...
  • Julian Sanchez on the Feinstein-Burr Bill Tue, 03 May 2016 13:10:03 -0500
    Two excellent posts. It's such a badly written bill that I wonder if it's just there to anchor us to an extreme, so we're relieved when the actual bill comes along. Me: "This is the most braindead piece of legislation I've ever seen," Schneier -- who has just been appointed a Fellow of the Kennedy School of Government at Harvard...
  • Fake Security Conferences Mon, 02 May 2016 15:45:31 -0500
    Turns out there are two different conferences with the title International Conference on Cyber Security (ICCS 2016), one real and one fake. Richard Clayton has the story....
  • Vulnerabilities in Samsung's SmartThings Mon, 02 May 2016 09:01:13 -0500
    Interesting research: Earlence Fernandes, Jaeyeon Jung, and Atul Prakash, "Security Analysis of Emerging Smart Home Applications": Abstract: Recently, several competing smart home programming frameworks that support third party app development have emerged. These frameworks provide tangible benefits to users, but can also expose users to significant security risks. This paper presents the first in-depth empirical security analysis of one such...
  • Friday Squid Blogging: Global Squid Shortage Fri, 29 Apr 2016 16:05:18 -0500
    There's a squid shortage along the Pacific coast of the Americas. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
  • I'm Writing a Book on Security Fri, 29 Apr 2016 13:02:33 -0500
    I'm writing a book on security in the highly connected Internet-of-Things World. Tentative title: Click Here to Kill Everybody Peril and Promise in a Hyper-Connected World There are two underlying metaphors in the book. The first is what I have called the World-Sized Web, which is that combination of mobile, cloud, persistence, personalization, agents, cyber-physical systems, and the Internet of...
  • Documenting the Chilling Effects of NSA Surveillance Fri, 29 Apr 2016 06:28:27 -0500
    In Data and Goliath, I talk about the self-censorship that comes along with broad surveillance. This interesting research documents this phenomenon in Wikipedia: "Chilling Effects: Online Surveillance and Wikipedia Use," by Jon Penney, Berkeley Technology Law Journal, 2016. Abstract: This article discusses the results of the first empirical study providing evidence of regulatory "chilling effects" of Wikipedia users associated with...
  • Amazon Unlimited Fraud Thu, 28 Apr 2016 08:20:03 -0500
    Amazon Unlimited is an all-you-can-read service. You pay one price and can read anything that's in the program. Amazon pays authors out of a fixed pool, on the basis of how many people read their books. More interestingly, it pays by the page. An author makes more money if someone reads his book through to page 200 than if they...
  • Two Good Readings on the Encryption "Going Dark" Debate Wed, 27 Apr 2016 06:46:47 -0500
    Testimonies of Matt Blaze and Danny Weitzner, both on April 19th before the House Energy and Commerce Committee. And the hearing....

# Securiteam

  • Oracle Enterprise Manager Grid Control Remote Security Vulnerabilities Wed, 27 Apr 2016 00:00 GMT
    Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.4 and 12.1.0.5 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Loader Service.
  • Oracle GoldenGate Arbitrary File Upload Vulnerabilities Wed, 27 Apr 2016 00:00 GMT
    Oracle GoldenGate component in Oracle GoldenGate 11.2 and 12.1.2 allows remote attackers to affect availability via unknown vectors.
  • Oracle MySQL Server Vulnerabilities Related To UDF Wed, 27 Apr 2016 00:00 GMT
    Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF.
  • Oracle Retail Point-Of-Service Local Security Vulnerabilities Wed, 27 Apr 2016 00:00 GMT
    The Oracle Retail Point-of-Service component in Oracle Retail Applications 13.4, 14.0, and 14.1 allows local users to affect confidentiality via vectors related to Mobile POS.
  • Oracle Solaris Verified Boot Security Vulnerabilities Wed, 27 Apr 2016 00:00 GMT
    Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Verified Boot.
  • Cisco Products Remote Command Execution Vulnerabilities Tue, 03 May 2016 00:00 GMT
    A CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request.
  • Django Security Bypass Vulnerabilities Tue, 03 May 2016 00:00 GMT
    Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission.
  • Dolibarr Multiple HTML Injection Vulnerabilities Tue, 03 May 2016 00:00 GMT
    Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) external calendar url or (2) the bank name field in the "import external calendar" page.
  • Gajim Security Bypass Vulnerabilities Tue, 03 May 2016 00:00 GMT
    Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza.
  • IBM WebSphere MQ Local Information Disclosure Vulnerabilities Tue, 03 May 2016 00:00 GMT
    The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore password, which allows local users to obtain sensitive information by reading this file.
  • Kubernetes Restricted Strategy Vulnerabilities Tue, 03 May 2016 00:00 GMT
    The API server in Kubernetes might allow remote attackers to gain privileges by editing a build configuration to use a restricted strategy.
  • Microsoft Internet Explorer A Crafted Web Site Vulnerabilities Tue, 03 May 2016 00:00 GMT
    Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
  • Microsoft Office Bypass The ASLR Security Bypass Vulnerabilities Tue, 03 May 2016 00:00 GMT
    Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Office 2016, Excel 2016, PowerPoint 2016, Visio 2016, Word 2016, and Visual Basic 6.0 Runtime allow remote attackers to bypass the ASLR protection mechanism.
  • Multiple Huawei Products Denial Of Service And Security Bypass Vulnerabilities Tue, 03 May 2016 00:00 GMT
    Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 do not require entry of the old password when changing the password for the Debug account, which allows physically proximate attackers to change the password by leveraging an unattended workstation.
  • Nghttp2 Idle Stream Handling Security Vulnerabilities Tue, 03 May 2016 00:00 GMT
    The idle stream handling in nghttp2 before 1.6.0 allows attackers to have impact via unknown vectors, aka a heap-use-after-free bug.
  • Oracle Agile PLM Remote Security Vulnerability Tue, 03 May 2016 00:00 GMT
    The Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.1.1, 9.3.1.2, 9.3.2, and 9.3.3 allows remote authenticated users to affect integrity via vectors related to Security.
  • Oracle Database Server Remote Security and confidentiality Vulnerabilities Tue, 03 May 2016 00:00 GMT
    The Workspace Manager component in Oracle Database Server 11.2.0.4 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
  • Oracle E-Business Suite Human Resources Component Vulnerabilities Tue, 03 May 2016 00:00 GMT
    Oracle Human Resources component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to General utilities.
  • Oracle Enterprise Manager Grid Control Test Directory Traversal Vulnerability Tue, 03 May 2016 00:00 GMT
    Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps.
  • Oracle JD Edwards EnterpriseOne Infrastructure SEC Remote Security Vulnerabilities Tue, 03 May 2016 00:00 GMT
    The JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote attackers to affect availability via unknown vectors related to Monitoring and Diagnostics.