# SANS ISC

# threatpost.com

  • Facebook Malware Poses as Flash Update, Infects 110K Users Fri, 30 Jan 2015 17:34:19 +0000
    UPDATE: A new piece of malware is making the rounds on Facebook, infecting users after luring them in with a link to a salacious video.
  • Threatpost News Wrap, January 30, 2015 Fri, 30 Jan 2015 16:55:08 +0000
    Dennis Fisher and Mike Mimoso discuss the Ghost glibc vulnerability and its repercussions, the Apple iOS and OSX patches, the link between the Regin APT platform and the NSA. Plus Super Bowl predictions!
  • Army Research Lab Releases Dshell Forensics Framework Fri, 30 Jan 2015 15:59:44 +0000
    The U.S. Army has released to open source an internal forensics analysis framework that the Army Research Lab has been using for some time. The framework, known as Dshell, is a Python tool that runs on Linux and it's designed to help analysts investigate compromises within their environments. The goal in open sourcing the framework […]
  • Reddit Publishes its First Transparency Report Fri, 30 Jan 2015 15:28:07 +0000
    Reddit published its first transparency report and said it received a relatively low number of government requests for user information and content takedowns.
  • PHP Applications, WordPress Subject to Ghost glibc Vulnerability Thu, 29 Jan 2015 20:02:09 +0000
    Researchers at Sucuri revealed that applications such as WordPress that support PHP could also be subject to the Ghost vulnerability in glibc.
  • ZeroAccess Botnet Returns, Resumes Click-Fraud Activity Thu, 29 Jan 2015 19:25:48 +0000
    Long thought dead, the peer-to-peer (P2P) ZeroAccess botnet has resurfaced and as of just a few weeks ago, has returned to propagating click-fraud scams.
  • Microsoft Publishes Information Sharing Guidelines Thu, 29 Jan 2015 18:58:34 +0000
    Microsoft publishes a framework and guidelines on how to effectively set up and operate threat information sharing exchanges in hopes that organizations will actually share data.
  • Schneider Electric Patches Buffer Overflow in ICS Products Thu, 29 Jan 2015 17:09:06 +0000
    There is a remotely exploitable buffer overflow in a handful of software products from Schneider Electric that could allow an attacker to execute arbitrary code on vulnerable machines. The vulnerability lies in a DLL that’s installed with a Device Type Manager that is part of several Schneider products, including the Unity Pro development software, the […]
  • GitHub Doubles Down on Maximum Bug Bounty Payouts Thu, 29 Jan 2015 16:21:40 +0000
    GitHub announced that it has doubled the maximum payouts possible via its bug bounty program to $10,000.
  • FCC Warns Businesses WiFi Blocking is Illegal Thu, 29 Jan 2015 14:52:02 +0000
    In the wake of a recent enforcement action against Marriott for blocking guests’ WiFi hotspots in their hotels, the FCC is warning other hotel operators and business owners that such blocking is illegal and the commission’s Enforcement Bureau is taking note. Marriott last year paid a fine of $600,000 to settle an FCC enforcement action […]

# Reddit netsec

# Krebs On Security

  • The Internet of Dangerous Things Thu, 29 Jan 2015 17:28:08 +0000
    Distributed denial-of-service (DDoS) attacks designed to silence end users and sideline Web sites grew with alarming frequency and size last year, according to new data released this week. Those findings dovetail quite closely with the attack patterns seen against this Web site over the past year.
  • FBI: Businesses Lost $215M to Email Scams Wed, 28 Jan 2015 14:11:58 +0000
    It’s time once again to update my Value of a Hacked Email Account graphic: According to a recent alert from the FBI, cyber thieves stole nearly $215 million from businesses in the last 14 months using a scam that starts when business executives or employees have their email accounts hijacked. Federal investigators say the so-called “business email […]
  • Yet Another Emergency Flash Player Patch Tue, 27 Jan 2015 14:17:00 +0000
    For the second time in a week, Adobe has issued an emergency update to fix a critical security flaw that crooks are actively exploiting in its Flash Player software. Updates are available for Flash Player on Windows and Mac OS X. Last week, Adobe released an out-of-band Flash Patch to fix a dangerous bug that […]

# Bruce Schneier's blog

  • Friday Squid Blogging: Large Squid Washes up on Greek Beach Fri, 30 Jan 2015 16:15:21 -0600
    No mention of the species, but the photo is a depressing one. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
  • Co3 Systems Is Expanding into Europe Fri, 30 Jan 2015 14:57:55 -0600
    This was supposed to be a secret until the middle of February, but we've been found out. We already have European customers; this is our European office. And, by the way, we're hiring, primarily in the Boston area....
  • Operating a Fake Bank Fri, 30 Jan 2015 06:49:49 -0600
    Here's a story of a fake bank in China -- a real bank, not an online bank -- that stole $32m from depositors over a year. Pro tip: real banks never offer 2%/week interest....
  • Canada Spies on Internet Downloads Thu, 29 Jan 2015 06:26:35 -0600
    Another story from the Snowden documents: According to the documents, the LEVITATION program can monitor downloads in several countries across Europe, the Middle East, North Africa, and North America. It is led by the Communications Security Establishment, or CSE, Canada's equivalent of the NSA. (The Canadian agency was formerly known as "CSEC" until a recent name change.) [...] CSE finds...
  • Subconscious Keys Wed, 28 Jan 2015 06:39:37 -0600
    I missed this paper when it was first published in 2012: "Neuroscience Meets Cryptography: Designing Crypto Primitives Secure Against Rubber Hose Attacks" Abstract: Cryptographic systems often rely on the secrecy of cryptographic keys given to users. Many schemes, however, cannot resist coercion attacks where the user is forcibly asked by an attacker to reveal the key. These attacks, known as...
  • Police Using Radar that Sees Through Walls Tue, 27 Jan 2015 13:08:44 -0600
    In the latest example of a military technology that has secretly been used by the police, we have radar guns that can see through walls....
  • The IDEA Encryption Algorithm with a 128-bit Block Length Tue, 27 Jan 2015 06:24:08 -0600
    Here's an IDEA-variant with a 128-bit block length. While I think it's a great idea to bring IDEA up to a modern block length, the paper has none of the cryptanalysis behind it that IDEA had. If nothing else, I would have expected more than eight rounds. If anyone wants to practice differential and linear cryptanalysis, here's a new target...
  • Basaaly Moalin: The One "Terrorist" Caught by Section 215 Surveillance Mon, 26 Jan 2015 05:51:40 -0600
    Remember back in 2013 when the then-director of the NSA Keith Alexander claimed that Section 215 bulk telephone metadata surveillance stopped "fifty-four different terrorist-related activities"? Remember when that number was backtracked several times, until all that was left was a single Somali taxi driver who was convicted of sending some money back home? This is the story of Basaaly Moalin....
  • My Conversation with Edward Snowden Fri, 23 Jan 2015 16:57:54 -0600
    Today, as part of a Harvard computer science symposium, I had a public conversation with Edward Snowden. The topics were largely technical, ranging from cryptography to hacking to surveillance to what to do now. Here's the video. EDITED TO ADD (1/24): News article. EDITED TO ADD (1/30): Another news article....
  • Friday Squid Blogging: Giggling Squid Restaurant Fri, 23 Jan 2015 16:22:49 -0600
    Giggling Squid is a Thai restaurant chain in the UK. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

# WIRED Threat Level

# exploit-db.com

# Securiteam