# threatpost.com

  • British Airways Suspends Some Accounts Following Unauthorized Activity Mon, 30 Mar 2015 19:22:11 +0000
    British Airways, one of the U.K.'s biggest airlines, suspended users' frequent flier accounts this weekend after an apparent breach recently hit the company.
  • eBay Fixes File Upload and Patch Disclosure Bugs Mon, 30 Mar 2015 17:41:18 +0000
    eBay has fixed a pair of security vulnerabilities in its site that could enable attackers to upload executable files disguised as benign file types, construct full path URLs and then point victims to them through drive-by download attacks. The first bug resulted from the failure of an eBay page to check the headers of image files uploaded by […]
  • Hackers Selling Uber Credentials on Underground Market Mon, 30 Mar 2015 16:57:33 +0000
    Uber user credentials are on sale on underground hacking forums, but the alternative taxi company says it has found no evidence of a breach of its systems.
  • DDoS Attack Against GitHub Continues After More Than Four Days Mon, 30 Mar 2015 14:55:21 +0000
    More than four days after it began, the massive DDoS attack on GitHub is still ongoing. The attack has evolved significantly since it started and GitHub officials said they believe that the goal of the operation is to force the site to remove some specific content. In the evening hours of March 25, DDoS attack […]
  • Ad Networks Ripe for Abuse Via Malvertising Mon, 30 Mar 2015 14:05:15 +0000
    Criminals have found a safe haven abusing legitimate processes, such as real-time bidding, implemented by online advertising networks to move exploits and malware, and build botnets and fraud campaigns.
  • iOS, OS X Library AFNetwork Patches MiTM Vulnerability Fri, 27 Mar 2015 18:56:18 +0000
    Until yesterday, a popular networking library for iOS and OS X, used by several apps such as Pinterest and Simple, was susceptible to SSL man-in-the-middle (MiTM) attacks.
  • Slack Discloses Breach of Its User Profile Database, Implements 2FA Fri, 27 Mar 2015 18:49:36 +0000
    Collaboration provider Slack disclosed that a database storing its user profile information has been breached. The break-in has been stopped, and Slack announced that it has implemented two-factor authentication going forward.
  • FBI Pleads For Crypto Subversion in Congressional Budget Hearing Fri, 27 Mar 2015 17:49:45 +0000
    FBI Director James Comey pleads with Congress to create a law that would allow law enforcement access to encrypted mobile communications on Android and Apple devices.
  • GitHub Hit With DDoS Attack Fri, 27 Mar 2015 15:54:02 +0000
    A large-scale DDoS attack, apparently emanating from China, has been hammering the servers at GitHub over the course of the last 12 hours, periodically causing service outages at the code-sharing and collaboration site.
  • Threatpost News Wrap, March 27, 2015 Fri, 27 Mar 2015 15:50:10 +0000
    Dennis Fisher and Mike Mimoso discuss the news of the week, including the Android app-replacement vulnerability, the Windows privilege escalation bug, the Yahoo transparency report and the company's crypto efforts.

# Krebs On Security

  • Sign Up at irs.gov Before Crooks Do It For You Mon, 30 Mar 2015 04:23:55 +0000
    If you’re an American and haven’t yet created an account at irs.gov, you may want to take care of that before tax fraudsters create an account in your name and steal your personal and tax data in the process. Recently, KrebsOnSecurity heard from Michael Kasper, a 35-year-old reader who tried to obtain a copy of his […]
  • Who Is the Antidetect Author? Thu, 26 Mar 2015 14:48:26 +0000
    Earlier this month I wrote about Antidetect, a commercial tool designed to help thieves evade fraud detection schemes employed by many e-commerce companies. That piece walked readers through a sales video produced by the author of Antidetect showing the software being used to buy products online with stolen credit cards. Today, we'll take a closer look at clues to a possible real-life identity of this tool's creator.
  • Tax Fraud Advice, Straight from the Scammers Wed, 25 Mar 2015 16:10:22 +0000
    Some of the most frank and useful information about how to fight fraud comes directly from the mouths of the crooks themselves. Online cybercrime forums play a critical role here, allowing thieves to compare notes about how to evade new security roadblocks and steer clear of fraud tripwires. Few topics so reliably generate discussion on crime forums around this time of year as tax return fraud, as we'll see in the conversations highlighted in this post.

# Bruce Schneier's blog

  • Brute-Forcing iPhone PINs Mon, 30 Mar 2015 06:47:43 -0500
    This is a clever attack, using a black box that attaches to the iPhone via USB: As you know, an iPhone keeps a count of how many wrong PINs have been entered, in case you have turned on the Erase Data option on the Settings | Touch ID & Passcode screen. That's a highly-recommended option, because it wipes your device...
  • Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products Fri, 27 Mar 2015 16:03:10 -0500
    More research. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
  • Yet Another Computer Side Channel Fri, 27 Mar 2015 07:01:04 -0500
    Researchers have managed to get two computers to communicate using heat and thermal sensors. It's not really viable communication -- the bit rate is eight per hour over fifteen inches -- but it's neat....
  • New Zealand's XKEYSCORE Use Thu, 26 Mar 2015 09:46:15 -0500
    The Intercept and the New Zealand Herald have reported that New Zealand spied on communications about the World Trade Organization director-general candidates. I'm not sure why this is news; it seems like a perfectly reasonable national intelligence target. More interesting to me is that the Intercept published the XKEYSCORE rules. It's interesting to see how primitive the keyword targeting is,...
  • Capabilities of Canada's Communications Security Establishment Wed, 25 Mar 2015 06:55:48 -0500
    There's a new story about the hacking capabilities of Canada's Communications Security Establishment (CSE), based on the Snowden documents....
  • Reforming the FISA Court Tue, 24 Mar 2015 09:04:42 -0500
    The Brennan Center has a long report on what's wrong with the FISA Court and how to fix it. At the time of its creation, many lawmakers saw constitutional problems in a court that operated in total secrecy and outside the normal "adversarial" process.... But the majority of Congress was reassured by similarities between FISA Court proceedings and the hearings...
  • BIOS Hacking Mon, 23 Mar 2015 07:07:54 -0500
    We've learned a lot about the NSA's abilities to hack a computer's BIOS so that the hack survives reinstalling the OS. Now we have a research presentation about it. From Wired: The BIOS boots a computer and helps load the operating system. By infecting this core software, which operates below antivirus and other security products and therefore is not usually...
  • Friday Squid Blogging: Squid Pen Fri, 20 Mar 2015 16:29:44 -0500
    Neat. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
  • New Paper on Digital Intelligence Fri, 20 Mar 2015 13:51:04 -0500
    David Omand -- GCHQ director from 1996-1997, and the UK's security and intelligence coordinator from 2000-2005 -- has just published a new paper: "Understanding Digital Intelligence and the Norms That Might Govern It." Executive Summary: This paper describes the nature of digital intelligence and provides context for the material published as a result of the actions of National Security Agency...
  • Cisco Shipping Equipment to Fake Addresses to Foil NSA Interception Fri, 20 Mar 2015 06:56:11 -0500
    Last May, we learned that the NSA intercepts equipment being shipped around the world and installs eavesdropping implants. There were photos of NSA employees opening up a Cisco box. Cisco's CEO John Chambers personally complained to President Obama about this practice, which is not exactly a selling point for Cisco equipment abroad. Der Spiegel published the more complete document, along...

# Securiteam

  • Joomla Cross-Site Scripting (XSS) Vulnerabilities Thu, 26 Mar 2015 00:00 GMT
    Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML.
  • Modal Frame API Module For Drupal Cross-Site Scripting Vulnerabilities Thu, 26 Mar 2015 00:00 GMT
    Cross-site scripting (XSS) vulnerability in the Modal Frame API module 6.x-1.x before 6.x-1.9 for Drupal allows remote attackers to inject arbitrary web script or HTML.
  • Moodle Arbitrary File Upload Vulnerabilities Thu, 26 Mar 2015 00:00 GMT
    webservice/upload.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not ensure that a file upload is for a private or draft area, which allows remote authenticated users to upload files containing JavaScript, and consequently conduct cross-site scripting (XSS) attacks, by specifying the profile-picture area.
  • Node.js Qs Module Denial Of Service Vulnerabilities Thu, 26 Mar 2015 00:00 GMT
    The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value to create a sparse array.
  • Oracle Java SE 7u67 Deployment Vulnerabilities Thu, 26 Mar 2015 00:00 GMT
    Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
  • PizzaInn_Project Register-Exec.php Cross-Site Scripting Vulnerabilities Thu, 26 Mar 2015 00:00 GMT
    Multiple cross-site scripting (XSS) vulnerabilities in register-exec.php in Restaurant Script (PizzaInn_Project) 1.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fname, (2) lname, or (3) login parameter.
  • Professional Theme For Drupal Theme Settings Cross-Site Scripting Vulnerabilities Thu, 26 Mar 2015 00:00 GMT
    Cross-site scripting (XSS) vulnerability in the Professional theme 7.x before 7.x-2.04 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to custom copyright information.
  • QEMU Ssd0323_load() Code Execution Vulnerabilities Thu, 26 Mar 2015 00:00 GMT
    Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c in QEMU before 1.7.2 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and row_end values; or (5) col_start and col_end values in a savevm image.
  • QEMU Virtio_net_load() Buffer Overflow Vulnerabilities Thu, 26 Mar 2015 00:00 GMT
    The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 through 1.7.x before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors in which the value of curr_queues is greater than max_queues, which triggers an out-of-bounds write.
  • SAProuter Denial Of Service Vulnerabilities Thu, 26 Mar 2015 00:00 GMT
    Integer overflow in SAP Network Interface Router (SAProuter) 40.4 allows remote attackers to cause a denial of service (resource consumption) via crafted requests.
  • Updated Sleuthkit Packages Fix Security Vulnerabilities Thu, 26 Mar 2015 00:00 GMT
    The Sleuth Kit (TSK) 4.0.1 does not properly handle "." (dotfile) file system entries in FAT file systems and other file systems for which . is not a reserved name, which allows local users to hide activities and make it more difficult to conduct forensics activities, as demonstrated by Flame.
  • "File Upload BBS" Of I-HTTPD Contains Remote Command Execution Vulnerabilities Fri, 27 Mar 2015 00:00 GMT
    The Server Side Includes (SSI) implementation in the File Upload BBS component in ULTRAPOP.JP i-HTTPD allows remote attackers to execute arbitrary commands by uploading files containing commands in SSI directives.
  • AdaptCMS Multiple Cross-Site Scripting Vulnerabilities Fri, 27 Mar 2015 00:00 GMT
    Multiple cross-site scripting (XSS) vulnerabilities in AdaptCMS 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) data[Category][title] parameter to admin/categories/add, (2) data[Field][title] parameter to admin/fields/ajax_fields/, (3) name property in a basicInfo JSON object to admin/tools/create_theme, (4) data[Link][link_title] parameter to admin/links/links/add, or (5) data[ForumTopic][subject] parameter to forums/off-topic/new.
  • Adobe Flash Player And AIR Out Of Bounds Read Memory Corruption Vulnerabilities Fri, 27 Mar 2015 00:00 GMT
    Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow remote attackers to obtain sensitive information from process memory or cause a denial of service.
  • Adobe Flash Player Memory Corruption Vulnerabilities Fri, 27 Mar 2015 00:00 GMT
    Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption).
  • Adobe Reader And Acrobat Denial Of Service Memory Corruption Vulnerabilities Fri, 27 Mar 2015 00:00 GMT
    Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption).
  • Adobe Reader And Acrobat Memory Corruption Vulnerabilities Fri, 27 Mar 2015 00:00 GMT
    Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption).
  • AirTies Air6372SO Modem Top.html Cross-Site Scripting Vulnerabilities Fri, 27 Mar 2015 00:00 GMT
    Cross-site scripting (XSS) vulnerability in top.html in the Airties Air 6372 modem allows remote attackers to inject arbitrary web script or HTML via the productboardtype parameter.
  • Android Settings Application Privilege Escalation Vulnerabilities Fri, 27 Mar 2015 00:00 GMT
    The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers to use the SYSTEM uid for broadcasting an intent with arbitrary component, action, or category information via a third-party authenticator in a crafted application, aka Bug 17356824.
  • Apache Solr Stats Page Cross-Site Scripting Vulnerabilities Fri, 27 Mar 2015 00:00 GMT
    Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x before 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the fieldvaluecache object.