# SANS ISC

# threatpost.com

  • Attackers Compromise ICANN, Access Zone Files System Thu, 18 Dec 2014 00:46:14 +0000
    Unknown hackers were able to compromise vital systems belonging to ICANN, the organization that manages the global top-level domain system, and had access to the system that manages the files with data on resolving specific domain names. The attack apparently took place in November and ICANN officials discovered it earlier this month. The intrusion started […]
  • Google Releases End-To-End Chrome Extension to Open Source Wed, 17 Dec 2014 18:57:23 +0000
    Google announced that it was making the source code for its End-to-End Chrome Extension available for review on GitHub. End-to-End encrypts and signs Gmail messages.
  • Manufacturer’s Backdoor Found on Popular Chinese Android Smartphone Wed, 17 Dec 2014 16:59:03 +0000
    Chinese smartphones from Coolpad contain a backdoor, dubbed CoolReaper by Palo Alto researchers, that is being used to install apps without user consent.
  • Google Adds Content Security Policy Support to Gmail Wed, 17 Dec 2014 15:32:35 +0000
    Google has added another layer of security for users of Gmail on the desktop, which now supports content security policy, a standard that’s designed to help mitigate cross-site scripting and other common Web-based attacks. CSP is a W3C standard that has been around for several years, and it’s been supported in a number of browsers […]
  • Sony: Employee Health Information May Have Been Compromised Tue, 16 Dec 2014 16:12:03 +0000
    Sony Pictures Entertainment has sent a letter to employees warning them that, along with huge amounts of corporate and employee information, some personal health data belonging to SPE employees may also have been compromised in the attack that hit the company in late November. The letter, which also was sent to the California Office of […]
  • Researchers Go Inside Illegal Underground Hacking Markets Tue, 16 Dec 2014 15:50:09 +0000
    Researchers at Dell SecureWorks have looked at services and pricing available inside illegal online marketplaces selling crimeware, stolen identities, credit cards, and hacking services.
  • Two Cisco Products Vulnerable to POODLE Attack on TLS Tue, 16 Dec 2014 14:10:44 +0000
    Two of Cisco’s products are vulnerable to the POODLE attack via the TLS implementation in those products. The vulnerability affects Cisco’s Adaptive Security Appliance software and its Application Control Engine module. The POODLE attack was disclosed in October by researchers from Google, who discovered that if an attacker can force a vulnerable Web server to fall back from […]
  • Google Blacklists WordPress Sites Peddling SoakSoak Malware Mon, 15 Dec 2014 19:08:09 +0000
    Up to 100,000 sites hosted on WordPress may be vulnerable to a new campaign that's pushing malware and multiple exploit kits to the browser.
  • Mike Mimoso on the Sony Breach Mon, 15 Dec 2014 17:25:58 +0000
    Dennis Fisher and Mike Mimoso talk about the details of the Sony breach, including the question of attribution, Sony's response to the attack, media outlets publishing the stolen data and the rise of destructive malware attacks.
  • Google Proposes Marking ‘HTTP’ as Insecure in 2015 Mon, 15 Dec 2014 17:05:02 +0000
    Google proposes that browser vendors begin issuing address bar warnings to users that HTTP connections provide no data security protection.

# Reddit netsec

# Krebs On Security

  • Banks: Park-n-Fly Online Card Breach Tue, 16 Dec 2014 18:04:49 +0000
    Multiple financial institutions say they are seeing a pattern of fraud that indicates an online credit card breach has hit Park-n-Fly, an Atlanta-based offsite airport parking service that allows customers to reserve spots in advance of travel via an Internet-based reservation system. The security incident, if confirmed, would be the latest in a string of card breaches involving compromised payment systems at parking services nationwide.
  • In Damage Control, Sony Targets Reporters Mon, 15 Dec 2014 14:35:46 +0000
    Over the weekend I received a nice holiday letter from lawyers representing Sony Pictures Entertainment, demanding that I cease publishing detailed stories about the company's recent hacking and delete any company data collected in the process of reporting on the breach. While I have not been the most prolific writer about this incident to date, rest assured such threats will not deter this reporter from covering important news and facts related to the breach.
  • SpamHaus, CloudFlare Attacker Pleads Guilty Sun, 14 Dec 2014 03:55:57 +0000
    A 17-year-old male from London, England pleaded guilty this week to carrying out a massive denial-of-service attack last year against anti-spam outfit SpamHaus and content delivery network CloudFlare, KrebsOnSecurity has learned.

# Bruce Schneier's blog

  • How the FBI Unmasked Tor Users Wed, 17 Dec 2014 06:44:57 -0600
    Kevin Poulsen has a good article up on Wired about how the FBI used a Metasploit variant to identify Tor users....
  • Fake Cell Towers Found in Norway Tue, 16 Dec 2014 11:34:04 -0600
    In yet another example of what happens when you build an insecure communications infrastructure, fake cell phone towers have been found in Oslo. No one knows who has been using them to eavesdrop. This is happening in the US, too. Remember the rule: we're all using the same infrastructure, so we can either keep it insecure so we -- and...
  • Understanding Zero-Knowledge Proofs Mon, 15 Dec 2014 13:13:46 -0600
    Matthew Green has a good primer....
  • Over 700 Million People Taking Steps to Avoid NSA Surveillance Mon, 15 Dec 2014 06:07:59 -0600
    There's a new international survey on Internet security and trust, of "23,376 Internet users in 24 countries," including "Australia, Brazil, Canada, China, Egypt, France, Germany, Great Britain, Hong Kong, India, Indonesia, Italy, Japan, Kenya, Mexico, Nigeria, Pakistan, Poland, South Africa, South Korea, Sweden, Tunisia, Turkey and the United States." Amongst the findings, 60% of Internet users have heard of Edward...
  • Friday Squid Blogging: Recreational Squid Fishing in Washington State Fri, 12 Dec 2014 16:32:17 -0600
    There is year-round recreational squid fishing from the Strait of Juan de Fuca to south Puget Sound. A nighttime sport that requires simple, inexpensive fishing tackle, squid fishing -- or jigging -- typically takes place on the many piers and docks throughout the Puget Sound region. As usual, you can also use this squid post to talk about the security stories in the news...
  • Incident Response Webinar on Thursday Fri, 12 Dec 2014 14:05:56 -0600
    On 12/18 I'll be part of a Co3 webinar where we examine incident-response trends of 2014 and look ahead to 2015. I tend not to do these, but this is an exception. Please sign up if you're interested....
  • Who Might Control Your Telephone Metadata Fri, 12 Dec 2014 09:26:41 -0600
    Remember last winter when President Obama called for an end to the NSA's telephone metadata collection program? He didn't actually call for an end to it; he just wanted it moved from an NSA database to some commercial database. (I still think this is a bad idea, and that having the companies store it is worse than having the government...
  • Comments on the Sony Hack Thu, 11 Dec 2014 14:37:49 -0600
    I don't have a lot to say about the Sony hack, which seems to still be ongoing. I want to highlight a few points, though. At this point, the attacks seem to be a few hackers and not the North Korean government. (My guess is that it's not an insider, either.) That we live in the world where we aren't...
  • Not Enough CISOs to Go Around Thu, 11 Dec 2014 06:31:23 -0600
    This article is reporting that the demand for Chief Information Security Officers far exceeds supply: Sony and every other company that realizes the need for a strong, senior-level security officer are scrambling to find talent, said Kris Lovejoy, general manager of IBM's security service and former IBM chief security officer. CISOs are "almost impossible to find these days," she said....
  • Effects of Terrorism Fears Wed, 10 Dec 2014 11:40:52 -0600
    Interesting article: "How terrorism fears are transforming America's public space." I am reminded of my essay from four years ago: "Close the Washington Monument."...

# WIRED Threat Level

# exploit-db.com

# Securiteam