# SANS ISC

# threatpost.com

  • Drupal Patches XSS Vulnerability in Spam Module Wed, 17 Sep 2014 20:41:50 +0000
    Drupal released an update that patches a moderately critical cross-site scripting vulnerability in its Mollom content and spam moderation module.
  • Apple Launches iOS 8, Fixes Dozens of Security Flaws Wed, 17 Sep 2014 19:26:33 +0000
    Apple has released iOS 8, a massive update to its mobile operating system, that includes fixes for more than 40 security vulnerabilities. Apple is touting iOS 8 as the biggest update to the software since it launched the App Store, and, aside from the security fixes, there are hundreds of new features and functions in […]
  • Series of Vulnerabilities Found in Schneider Electric SCADA Products Wed, 17 Sep 2014 17:56:24 +0000
    UPDATE–There are several unpatched, remotely exploitable vulnerabilities in a number of Schneider Electric’s SCADA products, one of which could be used to perform a shutdown of the SCADA server. Another of the vulnerabilities is an authentication bypass that could give an attacker access to sensitive data. The vulnerabilities affect a variety of Schneider Electric StruxureWare […]
  • POS Service Confirms Goodwill Breach Lasted 18 Months Wed, 17 Sep 2014 17:11:51 +0000
    Third-party payment vendor C&K Systems released details regarding a breach that affected its systems for 18 months and went on to affect customers who shopped at Goodwill.
  • FreeBSD Patches DoS Vulnerability Wed, 17 Sep 2014 16:04:05 +0000
    FreeBSD patched a vulnerability in the way the OS handles TCP packet processing that could lead to a denial-of-service attack on a server.
  • White House: Internet Not Borderless, But Lacking Interior Wed, 17 Sep 2014 14:55:03 +0000
    White House special assistant to the President and Cybersecurity Coordinator Michael Daniel explains that a series of simple, known issues add up to a very difficult Internet security problem.
  • Government Requests for Google Data Up Again Wed, 17 Sep 2014 13:43:55 +0000
    Google's latest Transparency Report reveals government requests for data jumped 15 percent from the end of 2013, and that nine countries requested data for the first time.
  • Apple Extends Two-Factor Authentication to iCloud Wed, 17 Sep 2014 11:23:48 +0000
    Apple finally has enabled two-factor authentication for its iCloud storage service, more than a year and a half after the company first turned the protective measure on for iTunes purchases and Apple ID.
  • Archie Exploit Kit Targets Adobe, Silverlight Vulnerabilities Tue, 16 Sep 2014 21:25:57 +0000
    A relatively new exploit kit that exploits old versions of Adobe Flash, Reader and Silverlight has begun to make the rounds.
  • Adobe Gets Delayed Reader Update Out The Door Tue, 16 Sep 2014 17:10:59 +0000
    Adobe released a new version of Reader and Acrobat, patching eight security vulnerabilities in the PDF reader. The patches were delayed a week because of issues during regression testing.

# Reddit netsec

# Krebs On Security

  • Critical Update for Adobe Reader & Acrobat Wed, 17 Sep 2014 15:12:50 +0000
    Adobe has released a security update for its Acrobat and PDF Reader products that fixes at least eight critical vulnerabilities in Mac and Windows versions of the software. If you use either of these programs, please take a minute to update now.
  • Breach at Goodwill Vendor Lasted 18 Months Tue, 16 Sep 2014 19:21:54 +0000
    C&K Systems Inc., a third-party payment vendor blamed for a credit and debit card breach at more than 330 Goodwill locations nationwide, disclosed this week that the intrusion lasted more than 18 months and has impacted at least two other organizations.
  • LinkedIn Feature Exposes Email Addresses Mon, 15 Sep 2014 16:20:38 +0000
    One of the risks of using social media networks is having information you intend to share with only a handful of friends be made available to everyone. Sometimes that over-sharing happens because friends betray your trust, but more worrisome are the cases in which a social media platform itself exposes your data in the name of marketing.

# Bruce Schneier's blog

  • Identifying Dread Pirate Roberts Wed, 17 Sep 2014 14:30:45 -0500
    According to court documents, Dread Pirate Roberts was identified because a CAPTCHA service used on the Silk Road login page leaked the users' true location....
  • Tracking People From their Cell Phones with an SS7 Vulnerability Wed, 17 Sep 2014 07:15:19 -0500
    What's interesting about this story is not that the cell phone system can track your location worldwide. That makes sense; the system has to know where you are. What's interesting about this story is that anyone can do it. Cyber-weapons arms manufacturers are selling the capability to governments worldwide, and hackers have demonstrated the capability....
  • Two New Snowden Stories Mon, 15 Sep 2014 14:25:35 -0500
    New Zealand is spying on its citizens. Edward Snowden weighs in personally. The NSA and GCHQ are mapping the entire Internet, including hacking into Deutsche Telekom....
  • Security of the SHA Family of Hash Functions Mon, 15 Sep 2014 09:26:00 -0500
    Good article on the insecurity of SHA-1 and the need to replace it sooner rather than later....
  • Friday Squid Blogging: 200-Pound Squid Found in Gulf of Mexico Fri, 12 Sep 2014 16:26:13 -0500
    A 200-pound dead giant squid was found near the coast of Matagorda, Texas. This is only the third giant squid ever found in the Gulf of Mexico. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
  • The Concerted Effort to Remove Data Collection Restrictions Fri, 12 Sep 2014 06:41:03 -0500
    Since the beginning, data privacy regulation has focused on collection, storage, and use. You can see it in the OECD Privacy Framework from 1980 (see also this proposed update). Recently, there has been concerted effort to focus all potential regulation on data use, completely ignoring data collection. Microsoft's Craig Mundie argues this. So does the PCAST report. And the World...
  • Tabnapping: A New Phishing Attack Thu, 11 Sep 2014 06:15:57 -0500
    Aza Raskin describes a new phishing attack: taking over a background tab on a browser to trick people into entering in their login credentials. Clever. EDITED TO ADD (9/12): This is not a new attack. The link above is from 2010. Here's another article from 2010....
  • WikiLeaks Spy Files Wed, 10 Sep 2014 14:08:13 -0500
    WikiLeaks has organized the trove of documents about corporations aiding government surveillance around the world. It's worth wandering around through all this material. EDITED TO ADD (9/12): I made a mistake. WikiLeaks didn't do the organizing; Silk did....
  • Safeplug Security Analysis Wed, 10 Sep 2014 06:35:38 -0500
    Good security analysis of Safeplug, which is basically Tor in a box. Short answer: not yet....
  • Wi-Fi Jammer Tue, 09 Sep 2014 14:07:27 -0500
    A device called Cyborg Unplugged can be configured to prevent any Wi-Fi connection: Oliver notes on the product's website that its so-called "All Out Mode" -- which prevents surveillance devices from connecting to any Wi-Fi network in the area -- is likely illegal, and he advises against its use. Nevertheless, we can imagine activists slipping these little devices into public...

# WIRED Threat Level

# exploit-db.com

# Securiteam

  • Symantec Encryption Desktop Memory Block Data Read Access Violation Denial of Service Vulnerability Tue, 15 Jul 2014 00:00 GMT
    Symantec Encryption Desktop is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the application, denying service to legitimate users.
  • Ppthtml OLEdecode() Buffer Overflow Vulnerability Tue, 15 Jul 2014 00:00 GMT
    Heap-based buffer overflow in the __OLEdecode function in ppthtml 0.5.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .ppt file.
  • DDSN Interactive Cm3 Acora CMS URL Redirection Vulnerability Tue, 15 Jul 2014 00:00 GMT
    The URL redirection functionality doesn't verify that VirtualPath values are relative.
  • Siemens Integrated Web Server CRLF Injection Vulnerability Tue, 15 Jul 2014 00:00 GMT
    CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary HTTP headers via unspecified vectors.
  • Apache Archiva Cross-Site Scripting (XSS) Vulnerability Fri, 25 Jul 2014 00:00 GMT
    Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page.
  • Apple Secure Transport Man In The Middle(MITM) Vulnerability Fri, 25 Jul 2014 00:00 GMT
    Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack."
  • Bitrix Site Manager Cookie User Identity Spoofing Vulnerability Fri, 25 Jul 2014 00:00 GMT
    Bitrix Site Manager is prone to a user identity spoofing vulnerability. Attackers can exploit this issue to spoof the user identity and view or manipulate another user's sensitive information. Successfully exploiting this issue may aid in other attacks.
  • Cisco IOS SSH Session Based Device Reload Denial Of Service Vulnerability Fri, 25 Jul 2014 00:00 GMT
    Cisco IOS before 15.1(1)SY allows local users to cause a denial of service (device reload) by establishing an outbound SSH session.
  • Dell SonicWall EMail Security Multiple Cross-Site Scripting (XSS) Vulnerability Fri, 25 Jul 2014 00:00 GMT
    The Dell SonicWall EMail Security Appliance is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
  • F-Secure Anti-Virus Remote Code Execution Vulnerability Fri, 25 Jul 2014 00:00 GMT
    SQL injection vulnerability in an unspecified DLL in the FSDBCom ActiveX control in F-Secure Anti-Virus for Microsoft Exchange Server before HF02, Anti-Virus for Windows Servers 9.00 before HF09, Anti-Virus for Citrix Servers 9.00 before HF09, and F-Secure Email and Server Security and F-Secure Server Security 9.20 before HF01 allows remote attackers to execute arbitrary SQL commands via unknown vectors, related to GetCommand.
  • IBM Maximo Asset Management SQL Injection Vulnerability Fri, 25 Jul 2014 00:00 GMT
    IBM Maximo Asset Management is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
  • IBM WebSphere Service Registry And Repository Cross-Site Scripting Vulnerability Fri, 25 Jul 2014 00:00 GMT
    Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.2, 6.3 before 6.3.0.6, 7.0 before 7.0.0.6, 7.5 before 7.5.0.5, and 8.0 before 8.0.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
  • Microsoft Debug Interface Access SDK 'msdia.dll' Memory Corruption Vulnerability Fri, 25 Jul 2014 00:00 GMT
    Microsoft Debug Interface Access SDK is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the current process. Failed attacks will cause denial-of-service conditions.
  • Oracle Supply Chain Products Suite 9.3.3.0 Information Disclosure Vulnerability Fri, 25 Jul 2014 00:00 GMT
    Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.
  • Python Commandline Symlink Attack Vulnerability Fri, 25 Jul 2014 00:00 GMT
    Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 use the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.
  • Apache CloudStack Authentication Bypass Vulnerability Wed, 30 Jul 2014 00:00 GMT
    Apache CloudStack is prone to a security-bypass vulnerability. Successful exploits will allow attackers to bypass certain security restrictions, which may aid in further attacks.
  • Apple Safari Restriction Bypass Vulnerability Wed, 30 Jul 2014 00:00 GMT
    WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, does not properly interpret Unicode encoding, which allows remote attackers to spoof a postMessage origin, and bypass intended restrictions on sending a message to a connected frame or window, via crafted characters in a URL.
  • ASUS RT Routers ShellCode Injection Vulnerability Wed, 30 Jul 2014 00:00 GMT
    The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field (destIP parameter).
  • Cisco IOS XE Software PPPoE Packet Handling Denial Of Service Vulnerability Wed, 30 Jul 2014 00:00 GMT
    Cisco IOS XE Software is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause the affected device to reload, denying service to legitimate users.
  • Cisco Wide Area Application Services Buffer Overflow Vulnerability Wed, 30 Jul 2014 00:00 GMT
    A vulnerability was reported in Cisco Wide Area Application Services (WAAS). A remote user can execute arbitrary code on the target system. On systems configured with the SharePoint acceleration feature, a remote user can return specially crafted SharePoint responses to trigger a buffer overflow and execute arbitrary code on the target WAAS system. The code will run with elevated privileges on the target WAAS system.