# SANS ISC

# Krebs On Security

  • Phishing Gang is Audacious Manipulator Thu, 28 May 2015 14:59:26 +0000
    Cybercriminals who specialize in phishing -- or tricking people into giving up usernames and passwords at fake bank and ecommerce sites -- aren't generally considered the most sophisticated crooks, but occasionally they do exhibit creativity and chutzpah. That's most definitely the case with a phishing gang that calls itself the "Manipulaters Team", whose Web site boasts that it specializes in brand research and development.
  • More Evidence of mSpy Apathy Over Breach Wed, 27 May 2015 16:31:44 +0000
    Mobile spyware maker mSpy has expended a great deal of energy denying and then later downplaying a breach involving data stolen from tens of thousands of mobile devices running its software. Unfortunately for victims of this breach, mSpy's lackadaisical response has left millions of screenshots taken from those devices wide open and exposed to the Internet via its own Web site.
  • IRS: Crooks Stole Data on 100K Taxpayers Via ‘Get Transcript’ Feature Tue, 26 May 2015 22:09:13 +0000
    In March 2015, KrebsOnSecurity broke the news that identity thieves engaged in filing fraudulent tax refund requests with the Internal Revenue Service (IRS) were using the IRS's own Web site to pull taxpayer data needed to complete the phony requests. Today, IRS Commissioner John Koskinen acknowledged that crooks used this feature to pull sensitive data on more than 100,000 taxpayers this year.

# Bruce Schneier's blog

  • UN Report on the Value of Encryption to Freedom Worldwide Fri, 29 May 2015 07:49:12 -0500
    The United Nations' Office of the High Commissioner released a report on the value of encryption and anonymity to the world: Summary: In the present report, submitted in accordance with Human Rights Council resolution 25/2, the Special Rapporteur addresses the use of encryption and anonymity in digital communications. Drawing from research on international and national norms and jurisprudence, and the...
  • Ransomware as a Service Thu, 28 May 2015 14:13:12 -0500
    Tox is an outsourced ransomware platform that everyone can use....
  • MOOC on Cybersecurity Thu, 28 May 2015 07:19:32 -0500
    The University of Adelaide is offering a new MOOC on "Cyberwar, Surveillance and Security." Here's a teaser video. I was interviewed for the class, and make a brief appearance in the teaser....
  • Terrorist Risks by City, According to Actual Data Wed, 27 May 2015 07:50:47 -0500
    I don't know enough about the methodology to judge it, but it's interesting: In total, 64 cities are categorised as 'extreme risk' in Verisk Maplecroft's new Global Alerts Dashboard (GAD), an online mapping and data portal that logs and analyses every reported terrorism incident down to levels of 100m² worldwide. Based on the intensity and frequency of attacks in the...
  • Race Condition Exploit in Starbucks Gift Cards Tue, 26 May 2015 16:51:25 -0500
    A researcher was able to steal money from Starbucks by exploiting a race condition in their gift-card value-transfer protocol. Basically, by initiating two identical web transfers at once, he was able to trick the system into recording them both. Normally, you could take a $5 gift card and move that money to another $5 gift card, leaving you with an...
  • Stink Bombs for Riot Control Tue, 26 May 2015 06:18:21 -0500
    They're coming to the US: It's called Skunk, a type of "malodorant," or in plainer language, a foul-smelling liquid. Technically nontoxic but incredibly disgusting, it has been described as a cross between "dead animal and human excrement." Untreated, the smell lingers for weeks. The Israeli Defense Forces developed Skunk in 2008 as a crowd-control weapon for use against Palestinians. Now...
  • Story of the ZooKeeper Poison-Packet Bug Mon, 25 May 2015 09:20:58 -0500
    Interesting story of a complex and deeply hidden bug -- with AES as a part of it....
  • Friday Squid Blogging: Giant Squid Washes Up in New Zealand Fri, 22 May 2015 16:39:17 -0500
    The latest one. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
  • USPS Tracking Queries to Its Package Tracking Website Fri, 22 May 2015 12:33:36 -0500
    A man was arrested for drug dealing based on the IP address he used while querying the USPS package tracking website....
  • Why the Current Section 215 Reform Debate Doesn't Matter Much Fri, 22 May 2015 05:45:35 -0500
    The ACLU's Chris Soghoian explains (time 25:52-30:55) why the current debate over Section 215 of the Patriot Act is just a minor facet of a large and complex bulk collection program by the FBI and the NSA. There were 180 orders authorized last year by the FISA Court under Section 215 -- 180 orders issued by this court. Only five...

# WIRED Threat Level

# exploit-db.com

# Securiteam

  • ClientResponse Subject Cross-Site Scripting Vulnerabilities Thu, 21 May 2015 00:00 GMT
    Multiple cross-site scripting (XSS) vulnerabilities in clientResponse 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Subject or (2) Message field.
  • E107 2.0 Alpha2 Cross Site Request Forgery Vulnerabilities Thu, 21 May 2015 00:00 GMT
    Cross-site request forgery (CSRF) vulnerability in the AdminObserver function in e107_admin/users.php in e107 2.0 alpha2 allows remote attackers to hijack the authentication of administrators for requests that add users to the administrator group via the id parameter in an admin action.
  • FFmpeg 'libavcodec/pngdec.c' Out Of Bounds Denial Of Service Vulnerabilities Thu, 21 May 2015 00:00 GMT
    The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via an IDAT before an IHDR in a PNG file.
  • IBM Rational Quality Manager Cross-Site Scripting Vulnerabilities Thu, 21 May 2015 00:00 GMT
    Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x through 2.0.1.1, 3.x before 3.0.1.6 iFix 4, 4.x before 4.0.7 iFix 2, and 5.x before 5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
  • IBM WebSphere Service Registry Cross-Site Scripting Vulnerabilities Thu, 21 May 2015 00:00 GMT
    Cross-site scripting (XSS) vulnerability in the widgets in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.0.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML.
  • NetIQ Access Manager Cross Site Request Forgery Vulnerabilities Thu, 21 May 2015 00:00 GMT
    Cross-site request forgery (CSRF) vulnerability in nps/servlet/webacc in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.1 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via an fw.SetPassword action.
  • OpenSSL Man In The Middle Handshake Protocol Traffic Vulnerabilities Thu, 21 May 2015 00:00 GMT
    The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support.
  • OpenVAS Manager 'timezone' Parameter SQL Injection Vulnerabilities Thu, 21 May 2015 00:00 GMT
    SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command.
  • Oracle Java SE Remote Java SE Confidentiality Vulnerabilities Thu, 21 May 2015 00:00 GMT
    Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
  • Oracle Siebel Remote Siebel UI Framework Vulnerabilities Thu, 21 May 2015 00:00 GMT
    Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to Portal Framework.
  • Osclass 'contact.php' Arbitrary File Upload Vulnerabilities Thu, 21 May 2015 00:00 GMT
    Unrestricted file upload vulnerability in the CWebContact::doModel method in oc-includes/osclass/controller/contact.php in Osclass before 3.4.3 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file.
  • PhpMyAdmin Inject Arbitrary Web Script Vulnerabilities Thu, 21 May 2015 00:00 GMT
    Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
  • Redaxscript SQL Injection Vulnerabilities Thu, 21 May 2015 00:00 GMT
    templates/default/index.php in Redaxscript 0.3.2 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.
  • RobotStats Robots.lib.php Cross-Site Scripting Vulnerabilities Thu, 21 May 2015 00:00 GMT
    Multiple cross-site scripting (XSS) vulnerabilities in admin/robots.lib.php in RobotStats 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) nom or (2) user_agent parameter to admin/robots.php.
  • SmoothWall Multiple Cross-Site Request Forgery Vulnerabilities Thu, 21 May 2015 00:00 GMT
    Cross-site request forgery (CSRF) vulnerability in the web management interface in httpd/cgi-bin/shutdown.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to hijack the authentication of administrators for requests that perform a reboot via a request to cgi-bin/shutdown.cgi.
  • Softmagic.c In File Denial Of Service Vulnerabilities Thu, 21 May 2015 00:00 GMT
    softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash).
  • Strongswan IKEv2 Payloads Remote Denial Of Service Vulnerabilities Thu, 21 May 2015 00:00 GMT
    strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025.
  • Symantec Web Gateway Command Injection Vulnerabilities Thu, 21 May 2015 00:00 GMT
    The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts.
  • Juniper Junos JPPP Daemon Remote Denial Of Service Vulnerabilities Wed, 27 May 2015 00:00 GMT
    The Juniper MX Series routers with Junos 13.3R3 through 13.3Rx before 13.3R6, 14.1 before 14.1R4, 14.1X50 before 14.1X50-D70, and 14.2 before 14.2R2, when configured as a broadband edge (BBE) router, allow remote attackers to cause a denial of service (jpppd crash and restart) by sending a crafted PAP Authenticate-Request after the PPPoE Discovery and LCP phases are complete.
  • Apache Santuario 'XML Signature Verification' Security Bypass Vulnerabilities Thu, 28 May 2015 00:00 GMT
    Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows remote attackers to bypass the streaming XML signature protection mechanism via a crafted XML document.