# SANS ISC

# threatpost.com

# Reddit netsec

# Krebs On Security

  • FBI: $1.2B Lost to Business Email Scams Fri, 28 Aug 2015 01:01:54 +0000
    The FBI today warned about a significant spike in victims and dollar losses stemming from an increasingly common scam in which crooks spoof communications from executives at the victim firm in a bid to initiate unauthorized international wire transfers. According to the FBI, thieves stole nearly $750 million in such scams from more than 7,000 victim companies in the U.S. between October 2013 and August 2015.
  • Who Hacked Ashley Madison? Wed, 26 Aug 2015 16:04:47 +0000
    AshleyMadison.com, a site that helps married people cheat and whose slogan is "Life is Short, have an Affair," recently put up a half million (Canadian) dollar bounty for information leading to the arrest and prosecution of the Impact Team, the name chosen by the hacker(s) who released data on more than 30 million Ashley Madison users. Here is the first of likely several posts examining individuals who appear to be closely connected to this attack.
  • Leaked AshleyMadison Emails Suggest Execs Hacked Competitors Mon, 24 Aug 2015 19:16:11 +0000
    Hacked online cheating service AshleyMadison.com is portraying itself as a victim of malicious cybercriminals, but leaked emails from the company's CEO suggests that AshleyMadison's top leadership hacked into a competing dating service in 2012.

# Bruce Schneier's blog

  • Iranian Phishing Thu, 27 Aug 2015 12:36:10 -0500
    CitizenLab is reporting on Iranian hacking attempts against activists, which include a real-time man-in-the-middle attack against Google's two-factor authentication. This report describes an elaborate phishing campaign against targets in Iran's diaspora, and at least one Western activist. The ongoing attacks attempt to circumvent the extra protections conferred by two-factor authentication in Gmail, and rely heavily on phone-call based phishing and...
  • Defending All the Targets Is Impossible Thu, 27 Aug 2015 06:57:06 -0500
    In the wake of the recent averted mass shooting on the French railroads, officials are realizing that there are just too many potential targets to defend. The sheer number of militant suspects combined with a widening field of potential targets have presented European officials with what they concede is a nearly insurmountable surveillance task. The scale of the challenge, security...
  • Regularities in Android Lock Patterns Wed, 26 Aug 2015 06:24:30 -0500
    Interesting: Marte Løge, a 2015 graduate of the Norwegian University of Science and Technology, recently collected and analyzed almost 4,000 ALPs as part of her master's thesis. She found that a large percentage of them­ -- 44 percent­ -- started in the top left-most node of the screen. A full 77 percent of them started in one of the four...
  • Movie Plot Threat: Terrorists Attacking US Prisons Tue, 25 Aug 2015 14:19:38 -0500
    Kansas Senator Pat Roberts wins an award for his movie-plot threat: terrorists attacking the maximum-security federal prison at Ft. Leavenworth: In an Aug. 14 letter to Defense Secretary Ashton B. Carter, Roberts stressed that Kansas in general -- and Leavenworth, in particular -- are not ideal for a domestic detention facility. "Fort Leavenworth is neither the ideal nor right location...
  • Are Data Breaches Getting Larger? Tue, 25 Aug 2015 06:27:46 -0500
    This research says that data breaches are not getting larger over time. "Hype and Heavy Tails: A Closer Look at Data Breaches," by Benjamin Edwards, Steven Hofmeyr, and Stephanie Forrest: Abstract: Recent widely publicized data breaches have exposed the personal information of hundreds of millions of people. Some reports point to alarming increases in both the size and frequency of...
  • Heartbeat as a Biometric Mon, 24 Aug 2015 12:14:29 -0500
    Yet another biometric: your heartbeat....
  • The Advertising Value of Intrusive Tracking Mon, 24 Aug 2015 05:50:23 -0500
    Here's an interesting research paper that tries to calculate the differential value of privacy-invasive advertising practices. The researchers used data from a mobile ad network and was able to see how different personalized advertising practices affected customer purchasing behavior. The details are interesting, but basically, most personal information had little value. Overall, the ability to target advertising produces a 29%...
  • Friday Squid Blogging: Calamari Ripieni Recipe Fri, 21 Aug 2015 16:07:14 -0500
    Nice and easy Calamari Ripieni recipe, along with general instructions on cooking squid: Tenderizing squid is as simple as pounding it flat -- if you're going to turn it into a steak. Otherwise, depending on the size of the squid, you can simply trim off the tentacles and slice the squid body, or mantle, into rings that can be grilled,...
  • NSA Plans for a Post-Quantum World Fri, 21 Aug 2015 12:36:33 -0500
    Quantum computing is a novel way to build computers -- one that takes advantage of the quantum properties of particles to perform operations on data in a very different way than traditional computers. In some cases, the algorithm speedups are extraordinary. Specifically, a quantum computer using something called Shor's algorithm can efficiently factor numbers, breaking RSA. A variant can break...
  • SS7 Phone-Switch Flaw Enabled Surveillance Fri, 21 Aug 2015 06:47:08 -0500
    Interesting: Remember that vulnerability in the SS7 inter-carrier network that lets hackers and spies track your cellphone virtually anywhere in the world? It's worse than you might have thought. Researchers speaking to Australia's 60 Minutes have demonstrated that it's possible for anyone to intercept phone calls and text messages through that same network. So long as the attackers have access...

# WIRED Threat Level

# exploit-db.com

# Securiteam

  • Betster Multiple SQL injection vulnerabilities Wed, 05 Aug 2015 00:00 GMT
    Multiple SQL injection vulnerabilities in Betster (aka PHP Betoffice) 1.0.4 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) showprofile.php or (2) categoryedit.php or (3) username parameter in a login to index.php.
  • Cisco TelePresence Server On Virtual Machine Local Privilege Escalation Vulnerabilities Wed, 05 Aug 2015 00:00 GMT
    Cisco Virtual TelePresence Server Software does not properly restrict use of the serial port, which allows local users to execute arbitrary OS commands as root by leveraging vSphere controller administrative privileges
  • EMC RSA Certificate Manager Administration Server Denial Of Service Vulnerabilities Wed, 05 Aug 2015 00:00 GMT
    EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allow remote attackers to cause an Administration Server denial of service via an invalid MIME e-mail message with a multipart/* Content-Type header.
  • Exchange Forged Meeting Request Spoofing Vulnerabilities Wed, 05 Aug 2015 00:00 GMT
    Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to spoof meeting organizers via vectors, aka "Exchange Forged Meeting Request Spoofing Vulnerability."
  • HP Point Of Sale PC OPOSMSR.ocx For Hybrid POS Printers With MICR Vulnerabilities Wed, 05 Aug 2015 00:00 GMT
    The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCashDrawer.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, Value Serial/USB Receipt printers, and USB Standard Duty cash drawers
  • Multiple HP Products Multiple Cross Site Scripting Vulnerabilities Wed, 05 Aug 2015 00:00 GMT
    Multiple cross-site scripting (XSS) vulnerabilities in HP XP P9000 Command View Advanced Edition Software Online Help, as used in HP Device Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Tiered Storage Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Replication Manager 6.x and 7.x before 7.6.1-06, and HP XP7 Global Link Manager Software (aka HGLM) 6.x through 8.x before 8.1.2-00, allow remote attackers to inject arbitrary web script or HTML
  • Request Tracker Information Disclosure Vulnerabilities Wed, 05 Aug 2015 00:00 GMT
    RT 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data
  • The GIF Encoder In Byzanz Execute Arbitrary Code Vulnerabilities Wed, 05 Aug 2015 00:00 GMT
    The GIF encoder in Byzanz allows remote attackers to cause a denial of service (out-of-bounds heap write and crash) or possibly execute arbitrary code via a crafted Byzanz debug data recording (ByzanzRecording file) to the byzanz-playback command.
  • Webshop Hun 1.062S Cross-Site Scripting Vulnerabilities Wed, 05 Aug 2015 00:00 GMT
    Multiple cross-site scripting (XSS) vulnerabilities in Webshop hun 1.062S allow remote attackers to inject arbitrary web script or HTML via the (1) param, (2) center, (3) lap, (4) termid, or (5) nyelv_id parameter to index.php.
  • WordPress WPML Plugin SQL Injection Vulnerabilities Wed, 05 Aug 2015 00:00 GMT
    SQL injection vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the lang parameter in the HTTP Referer header in a wp-link-ajax action to comments/feed.
  • Cisco NX-OS Software Command Injection Vulnerabilities Mon, 10 Aug 2015 00:00 GMT
    The DHCP implementation in the PowerOn Auto Provisioning (POAP) feature in Cisco NX-OS does not properly restrict the initialization process, which allows remote attackers to execute arbitrary commands as root by sending crafted response packets on the local network
  • Foreman Smart Proxy SSL Certificate Validation Security Bypass Vulnerabilities Mon, 10 Aug 2015 00:00 GMT
    Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request without a certificate.
  • Hospira MedNet Bypass Intended Access Restrictions Vulnerabilities Mon, 10 Aug 2015 00:00 GMT
    Hospira MedNet before 6.1 uses a hardcoded cleartext password to control SQL database authorization, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.
  • IBM Notes Traveler Companion For Windows Phones Vulnerabilities Mon, 10 Aug 2015 00:00 GMT
    The IBM Notes Traveler Companion application 1.0 and 1.1 before 201411010515 for Window Phone, as distributed in IBM Notes Traveler 9.0.1, does not properly restrict the number of executions of the automatic configuration option, which makes it easier for remote attackers to capture credentials by conducting a phishing attack involving an encrypted e-mail message.
  • OpenSSL Pointer Corruption And Application Crash Vulnerabilities Mon, 10 Aug 2015 00:00 GMT
    The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a denial of service (pointer corruption and application crash)
  • ShareLaTeX Directory Traversal Vulnerabilities Mon, 10 Aug 2015 00:00 GMT
    Absolute path traversal vulnerability in ShareLaTeX 0.1.3 and earlier, when the paranoid openin_any setting is omitted, allows remote authenticated users to read arbitrary files via a \include command.
  • WebGate WebEyeAudio ActiveX Control Stack Buffer Overflow Vulnerabilities Mon, 10 Aug 2015 00:00 GMT
    Stack-based buffer overflow in the Connect function in the WebGate WebEyeAudio ActiveX control allows remote attackers to execute arbitrary code via a crafted value.
  • WordPress Cross Slide 2.0.5 Cross Site Request Forgery Vulnerabilities Mon, 10 Aug 2015 00:00 GMT
    Multiple cross-site request forgery (CSRF) vulnerabilities in the CrossSlide jQuery (crossslide-jquery-plugin-for-wordpress) plugin 2.0.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS) attacks via the (2) csj_width, (3) csj_height, (4) csj_sleep, (5) csj_fade, or (6) upload_image parameter in the thisismyurl_csj.php page to wp-admin/options-general.php.
  • WordPress SEO By Yoast 1.7.3.3 Cross-Site Request Forgery Vulnerabilities Mon, 10 Aug 2015 00:00 GMT
    Multiple cross-site request forgery (CSRF) vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 for WordPress allow remote attackers to hijack the authentication of certain users for requests that conduct SQL injection attacks via the (1) order_by or (2) order parameter in the wpseo_bulk-editor page.
  • Cisco Unity Connection 'SIP Trunk Integration' Multiple Denial Of Service Vulnerabilities Tue, 11 Aug 2015 00:00 GMT
    The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU6, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (SIP outage) via a crafted UDP packet