# SANS ISC

# Reddit netsec

# Krebs On Security

  • POS Providers Feel Brunt of PoSeidon Malware Wed, 15 Apr 2015 14:35:16 +0000
    "PoSeidon," a new strain of malicious software designed to steal credit and debit card data from hacked point-of-sale (POS) devices, has been implicated in a number of recent breaches involving companies that provide POS services primarily to restaurants, bars and hotels. The shift by the card thieves away from targeting major retailers like Target and Home Depot to attacking countless, smaller users of POS systems is giving financial institutions a run for their money as they struggle to figure out which merchants are responsible for card fraud.
  • Critical Updates for Windows, Flash, Java Tue, 14 Apr 2015 18:34:30 +0000
    Get your patch chops on people, because chances are you're running software from Microsoft, Adobe or Oracle that received critical security updates today. Adobe released a Flash Player update to fix at least 22 flaws, including one flaw that is being actively exploited. Microsoft pushed out 11 update bundles to fix more than two dozen bugs in Windows and associated software, including one that was publicly disclosed this month. And Oracle has an update for its Java software that addresses at least 15 flaws, all of which are exploitable remotely without any authentication.
  • White Lodging Confirms Second Breach Mon, 13 Apr 2015 12:30:12 +0000
    In February 2015, KrebsOnSecurity reported that for the second time in a year, multiple financial institutions were complaining of fraud on customer credit and debit cards that were all recently used at a string of hotel properties run by hotel franchise firm White Lodging Services Corporation. The company said at the time that it had no evidence of a new breach, but last week White Lodging finally acknowledged a "suspected" breach of point-of-sale systems at 10 locations.

# Bruce Schneier's blog

  • Friday Squid Blogging: Squid Hoodie Fri, 17 Apr 2015 16:31:51 -0500
    This is neat. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
  • The No-Fly List and Due Process Fri, 17 Apr 2015 06:54:44 -0500
    The Congressional Research Service has released a report on the no-fly list and current litigation that it violates due process....
  • How Many Vulnerabilities Are there in Software? Thu, 16 Apr 2015 06:27:54 -0500
    Dan Geer proposes some techniques for answering this question....
  • Metal Detectors at Sports Stadiums Wed, 15 Apr 2015 06:58:40 -0500
    Fans attending Major League Baseball games are being greeted in a new way this year: with metal detectors at the ballparks. Touted as a counterterrorism measure, they're nothing of the sort. They're pure security theater: They look good without doing anything to make us safer. We're stuck with them because of a combination of buck passing, CYA thinking, and fear....
  • John Oliver Interviews Edward Snowden Tue, 14 Apr 2015 12:40:18 -0500
    Wow, what an amazing segment and interview....
  • Two Thoughtful Essays on the Future of Privacy Tue, 14 Apr 2015 06:32:51 -0500
    Paul Krugman argues that we'll give up our privacy because we want to emulate the rich, who are surrounded by servants who know everything about them: Consider the Varian rule, which says that you can forecast the future by looking at what the rich have today -- that is, that what affluent people will want in the future is, in...
  • China's Great Cannon Mon, 13 Apr 2015 09:12:29 -0500
    Citizen Lab has issued a report on China's "Great Cannon" attack tool, used in the recent DDoS attack against GitHub. We show that, while the attack infrastructure is co-located with the Great Firewall, the attack was carried out by a separate offensive system, with different capabilities and design, that we term the "Great Cannon." The Great Cannon is not simply...
  • Friday Squid Blogging: The Longfin Inshore Squid Regularly Rewrites Its Own DNA Fri, 10 Apr 2015 16:16:24 -0500
    Wow. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
  • Alternatives to the FBI's Manufacturing of Terrorists Fri, 10 Apr 2015 10:33:59 -0500
    John Mueller suggests an alternative to the FBI's practice of encouraging terrorists and then arresting them for something they would never have planned on their own: The experience with another case can be taken to suggest that there could be an alternative, and far less costly, approach to dealing with would-be terrorists, one that might generally (but not always)...
  • Pepper-Spray Drones Thu, 09 Apr 2015 16:51:38 -0500
    India has purchased pepper-spray drones. EDITED TO ADD (4/10): Why this is a bad idea....

# WIRED Threat Level

# exploit-db.com

# Securiteam

  • IBM Security Access Manager Cross-Site Request Forgery Vulnerabilities Wed, 15 Apr 2015 00:00 GMT
    Cross-site request forgery (CSRF) vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
  • Koha Multiple Cross Site Scripting Vulnerabilities Wed, 15 Apr 2015 00:00 GMT
    Multiple cross-site scripting (XSS) vulnerabilities in the Staff client in Koha before 3.16.6 and 3.18.x before 3.18.2 allow remote attackers to inject arbitrary web script or HTML via the sort_by parameter to the (1) opac parameter in opac-search.pl or (2) intranet parameter in catalogue/search.pl.
  • Malwarebytes Anti-Exploit Mbae.sys Denial Of Service Vulnerabilities Wed, 15 Apr 2015 00:00 GMT
    mbae.sys in Malwarebytes Anti-Exploit before 1.05.1.2014 allows local users to cause a denial of service (crash) via a crafted size in an unspecified IOCTL call, which triggers an out-of-bounds read. NOTE: some of these details are obtained from third party information
  • Meta Tags Quick Module For Drupal Open Redirect Vulnerabilities Wed, 15 Apr 2015 00:00 GMT
    Open redirect vulnerability in the path-based meta tag editing form in the Meta tags quick module 7.x-2.x before 7.x-2.8 for Drupal allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the destination parameter.
  • Mozilla Firefox Thunderbird Multiple Memory Corruption Vulnerabilities Wed, 15 Apr 2015 00:00 GMT
    Multiple vulnerabilities in the browser engine in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
  • Multiple IBM DB2 Products Remote Daemon Crash Vulnerabilities Wed, 15 Apr 2015 00:00 GMT
    IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying the same column within multiple ALTER TABLE statements.
  • Node.js Syntax-Error Module 'eval()' Function Arbitrary Code Execution Vulnerabilities Wed, 15 Apr 2015 00:00 GMT
    Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other products, allows remote attackers to execute arbitrary code via a crafted file.
  • Oracle Directory Server Enterprise Edition Remote Security Vulnerabilities Wed, 15 Apr 2015 00:00 GMT
    Oracle Directory Server Enterprise Edition component in Oracle Fusion Middleware 7.0 allows remote attackers to affect integrity via unknown vectors related to Admin Console.
  • Oracle Siebel Remote Siebel Core EAI Vulnerabilities Wed, 15 Apr 2015 00:00 GMT
    Siebel Core EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect availability via unknown vectors related to Integration Business Services.
  • QEMU 'cirrus_vga.c' Security Bypass Vulnerabilities Wed, 15 Apr 2015 00:00 GMT
    Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions.
  • RiffVideo Buffer Overflow Vulnerabilities Wed, 15 Apr 2015 00:00 GMT
    Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows remote attackers to cause a denial of service (crash) via a long IKEY INFO tag value in an AVI file.
  • Schneider Electric ProClima Buffer-Overflow Denial Of Service Vulnerabilities Wed, 15 Apr 2015 00:00 GMT
    Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code.
  • Simple Sticky Footer Plugin For WordPress Multiple Cross-Site Request Forgery Vulnerabilities Wed, 15 Apr 2015 00:00 GMT
    Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Sticky Footer plugin before 1.3.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) simple_sf_width or (3) simple_sf_style parameter in the simple-simple-sticky-footer page to wp-admin/themes.php.
  • Tapatalk For WoltLab Burning Board 'welcome.php' Multiple Cross Site Scripting Vulnerabilities Wed, 15 Apr 2015 00:00 GMT
    Multiple cross-site scripting (XSS) vulnerabilities in mobiquo/smartbanner/welcome.php in the Tapatalk (com.tapatalk.wbb4) plugin 1.x before 1.1.2 for Woltlab Burning Board 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) app_android_id or (2) app_kindle_url parameter.
  • Adobe Flash Player And AIR Security Vulnerabilities Thu, 16 Apr 2015 00:00 GMT
    Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 do not properly validate files
  • B2evolution 'admin.php' Cross-Site Scripting Vulnerabilities Thu, 16 Apr 2015 00:00 GMT
    Cross-site scripting (XSS) vulnerability in the filemanager in b2evolution before 5.2.1 allows remote attackers to inject arbitrary web script or HTML via the fm_filter parameter to blogs/admin.php.
  • Cisco IronPort Email Security Appliance Denial Of Service Vulnerabilities Thu, 16 Apr 2015 00:00 GMT
    The Cisco IronPort Email Security Appliance (ESA) allows remote attackers to cause a denial of service (CPU consumption) via long Subject headers in e-mail messages.
  • D-Link DAP-1360 Login Cross-Site Request Forgery Vulnerabilities Thu, 16 Apr 2015 00:00 GMT
    Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 router with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of users for requests that (1) change the MAC filter restrict mode, (2) add a MAC address to the filter, or (3) remove a MAC address from the filter via a crafted request to index.cgi.
  • Enalean Tuleap 'svn/viewvc.php' Remote Command Execution Vulnerabilities Thu, 16 Apr 2015 00:00 GMT
    Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function.
  • IBM Security Access Manager HTTP Information Disclosure Vulnerabilities Thu, 16 Apr 2015 00:00 GMT
    IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not ensure that HTTPS is used, which allows remote attackers to obtain sensitive information by sniffing the network during an HTTP session.