# SANS ISC

# threatpost.com

  • Google Ups Chrome Bug Bounty, Offers More Money For Exploits Tue, 30 Sep 2014 18:10:33 +0000
    Google is again increasing the amount of money it offers to researchers who report vulnerabilities in Chrome as part of the company’s bug bounty program. Now, researchers will be able to earn $15,000 at the high end of the scale, and Google also is offering more cash for researchers who can submit a working exploit for […]
  • OpenVPN Vulnerable to Shellshock Bash Vulnerability Tue, 30 Sep 2014 16:47:59 +0000
    OpenVPN was found to be vulnerable to the Shellshock vulnerability in Bash as well. Fredrik Stromberg of Mullvad said the vulnerability is dangerous because it's pre-authentication in OpenVPN.
  • New Signed Version of CryptoWall Ransomware On the Loose Tue, 30 Sep 2014 14:37:51 +0000
    Researchers have discovered a variant of the CryptoWall ransomware that has a valid digital signature and is being distributed through malicious ads on several top-ranked Alexa Web sites. CryptoWall is one of the more successful ransomware strains in recent memory, with researchers estimating last month that the malware had grossed more than $1 million for […]
  • Apple Patches Shellshock Vulnerability in Bash for OS X Mon, 29 Sep 2014 22:34:58 +0000
    Apple released its patch for the Bash vulnerability, repairing versions of OS X vulnerable to Shellshock exploits.
  • WPScan Vulnerability Database a New WordPress Security Resource Mon, 29 Sep 2014 20:31:51 +0000
    Researcher Ryan Dewhurst released the WPScan Vulnerability Database, a database housing security vulnerabilities in WordPress core code, plug-ins and themes. It's available for pen-testers, WordPress administrators and developers.
  • RadEditor Web Editor Vulnerable To XSS Attacks Mon, 29 Sep 2014 16:15:03 +0000
    All versions of an HTML editor used in several Microsoft properties, including ASP.NET, suffer from a high-risk cross-site scripting (XSS) vulnerability.
  • CloudFlare Rolls Out Free SSL Mon, 29 Sep 2014 15:29:32 +0000
    In a move that will essentially double the number of SSL-protected sites on the Web in the space of 24 hours, CloudFlare on Monday said that it was enabling SSL for all of its more than two million customers for free. The new service is called Universal SSL, and the company is making it available […]
  • FBI to Open Up Malware Investigator Portal to External Researchers Mon, 29 Sep 2014 14:22:08 +0000
    SEATTLE–The FBI has developed an internal malware-analysis tool, somewhat akin to the systems used by antimalware companies, and plans to open the system up to external security researchers, academics and others. The system is known as Malware Investigator and is designed to allow FBI agents and other authorized law enforcement users to upload suspicious files. […]
  • Apple: OS X Safe By Default Against Bash Vulnerability Fri, 26 Sep 2014 18:14:44 +0000
    Apple said it is working on a patch for OS X to counter the Bash vulnerability, but in the meantime is telling users the OS is safe by default.
  • Government Requests for Yahoo Data Down Slightly Fri, 26 Sep 2014 14:34:20 +0000
    Yahoo published its third Transparency Report, which reveals that it fielded fewer requests for user data than the previous reporting period, and that it also received between 0-999 National Security Letters.

# Reddit netsec

# Krebs On Security

  • Apple Releases Patches for Shellshock Bug Tue, 30 Sep 2014 04:09:03 +0000
    Apple has released updates to insulate Mac OS X systems from the dangerous "Shellshock" bug, a pervasive vulnerability that is already being exploited in active attacks.
  • We Take Your Privacy and Security. Seriously. Mon, 29 Sep 2014 20:14:18 +0000
    "Please note that [COMPANY NAME] takes the security of your personal data very seriously." If you've been on the Internet for any length of time, chances are very good that you've received at least one breach notification email or letter that includes some version of this obligatory line. But as far as lines go, this one is about as convincing as the classic break-up line, "It's not you, it's me."
  • Signature Systems Breach Expands Fri, 26 Sep 2014 15:35:39 +0000
    Signature Systems Inc., the point-of-sale vendor blamed for a credit and debit card breach involving some 216 Jimmy John's sandwich shop locations, now says the breach also may have jeopardized customer card numbers at nearly 100 other independent restaurants across the country that use its products.

# Bruce Schneier's blog

  • NSA Patents Available for License Mon, 29 Sep 2014 06:02:29 -0500
    There's a new article on NSA's Technology Transfer Program, a 1990s-era program to license NSA patents to private industry. I was pretty dismissive about the offerings in the article, but I didn't find anything interesting in the catalog. Does anyone see something I missed? My guess is that the good stuff remains classified, and isn't "transferred" to anyone. Slashdot thread....
  • Friday Squid Blogging: Squid Fishing Moves North in California Fri, 26 Sep 2014 16:28:15 -0500
    Warmer waters are moving squid fishing up the California coast. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
  • Medical Records Theft and Fraud Fri, 26 Sep 2014 12:44:11 -0500
    There's a Reuters article on new types of fraud using stolen medical records. I don't know how much of this is real and how much is hype, but I'm certain that criminals are looking for new ways to monetize stolen data....
  • Security Trade-offs of Cloud Backup Thu, 25 Sep 2014 14:17:44 -0500
    This is a good essay on the security trade-offs with cloud backup: iCloud backups have not eliminated this problem, but they have made it far less common. This is, like almost everything in tech, a trade-off: Your data is far safer from irretrievable loss if it is synced/backed up, regularly, to a cloud-based service. Your data is more at risk...
  • Nasty Vulnerability found in Bash Thu, 25 Sep 2014 10:31:42 -0500
    It's a big and nasty one. Invariably we're going to see articles pointing at this and at Heartbleed and claim a trend in vulnerabilities in open-source software. If anyone has any actual data other than these two instances and the natural human tendency to generalize, I'd like to see it....
  • Julian Sanchez on the NSA and Surveillance Reform Wed, 24 Sep 2014 14:21:26 -0500
    Julian Sanchez of the Cato Institute has a lengthy audio interview on NSA surveillance and reform. Worth listening to....
  • Detecting Robot Handwriting Wed, 24 Sep 2014 07:12:41 -0500
    Interesting article on the arms race between creating robot "handwriting" that looks human, and detecting text that has been written by a robot. Robots will continue to get better, and will eventually fool all of us....
  • Lesson in Successful Disaster Planning Tue, 23 Sep 2014 13:09:26 -0500
    I found the story of the Federal Reserve on 9/11 to be fascinating. It seems they just flipped a switch on all their Y2K preparations, and it worked....
  • Kill Switches for Weapons Tue, 23 Sep 2014 08:22:53 -0500
    Jonathan Zittrain argues that our military weapons should be built with a kill switch, so they become useless when they fall into enemy hands....
  • Security for Vehicle-to-Vehicle Communications Mon, 22 Sep 2014 06:03:39 -0500
    The National Highway Traffic Safety Administration (NHTSA) has released a report titled "Vehicle-to-Vehicle Communications: Readiness of V2V Technology for Application." It's very long, and mostly not interesting to me, but there are security concerns sprinkled throughout: both authentication to ensure that all the communications are accurate and can't be spoofed, and privacy to ensure that the communications can't be used...

# WIRED Threat Level

# exploit-db.com

# Securiteam

  • IBM WebSphere Service Registry And Repository Cross-Site Scripting Vulnerability Fri, 25 Jul 2014 00:00 GMT
    Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.2, 6.3 before 6.3.0.6, 7.0 before 7.0.0.6, 7.5 before 7.5.0.5, and 8.0 before 8.0.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
  • Microsoft Debug Interface Access SDK 'msdia.dll' Memory Corruption Vulnerability Fri, 25 Jul 2014 00:00 GMT
    Microsoft Debug Interface Access SDK is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the current process. Failed attacks will cause denial-of-service conditions.
  • Oracle Supply Chain Products Suite 9.3.3.0 Information Disclosure Vulnerability Fri, 25 Jul 2014 00:00 GMT
    Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.
  • Python Commandline Symlink Attack Vulnerability Fri, 25 Jul 2014 00:00 GMT
    Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 use the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.
  • Apache CloudStack Authentication Bypass Vulnerability Wed, 30 Jul 2014 00:00 GMT
    Apache CloudStack is prone to a security-bypass vulnerability. Successful exploits will allow attackers to bypass certain security restrictions, which may aid in further attacks.
  • Apple Safari Restriction Bypass Vulnerability Wed, 30 Jul 2014 00:00 GMT
    WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, does not properly interpret Unicode encoding, which allows remote attackers to spoof a postMessage origin, and bypass intended restrictions on sending a message to a connected frame or window, via crafted characters in a URL.
  • ASUS RT Routers ShellCode Injection Vulnerability Wed, 30 Jul 2014 00:00 GMT
    The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field (destIP parameter).
  • Cisco IOS XE Software PPPoE Packet Handling Denial Of Service Vulnerability Wed, 30 Jul 2014 00:00 GMT
    Cisco IOS XE Software is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause the affected device to reload, denying service to legitimate users.
  • Cisco Wide Area Application Services Buffer Overflow Vulnerability Wed, 30 Jul 2014 00:00 GMT
    A vulnerability was reported in Cisco Wide Area Application Services (WAAS). A remote user can execute arbitrary code on the target system. On systems configured with the SharePoint acceleration feature, a remote user can return specially crafted SharePoint responses to trigger a buffer overflow and execute arbitrary code on the target WAAS system. The code will run with elevated privileges on the target WAAS system.
  • Django Cross Site Request Forgery Vulnerability Wed, 30 Jul 2014 00:00 GMT
    Django is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the affected application. Other attacks are also possible. Django versions prior to 1.4.11, prior to 1.5.6 and prior to 1.6.3 are vulnerable.
  • FreeIPA Cross-Realm Trust key Information Disclosure Vulnerability Wed, 30 Jul 2014 00:00 GMT
    FreeIPA is prone to an information-disclosure vulnerability. Successful exploits may allow an attacker to gain access to sensitive information that may aid in further attacks.
  • HP IceWall MCRP And HP IceWall SSO Denial Of Service Vulnerability Wed, 30 Jul 2014 00:00 GMT
    A vulnerability was reported in HP IceWall MCRP and HP IceWall SSO. A remote user can cause denial of service conditions.
  • IBM Rational Rhapsody Design Manager 4.0.6 Remote Execution Vulnerability Wed, 30 Jul 2014 00:00 GMT
    IBM Rational Software Architect (RSA) Design Manager and Rational Rhapsody Design Manager 3.x through 3.0.1 and 4.x before 4.0.6 allow remote authenticated users to modify data by leveraging improper parameter checking.
  • Juniper NSM XDB Service Arbitrary Code Execution Vulnerability Wed, 30 Jul 2014 00:00 GMT
    Unspecified vulnerability in the NSM XDB service in Juniper NSM before 2012.2R8 allows remote attackers to execute arbitrary code via unspecified vectors.
  • Microsoft Internet Explorer Remote Code Execution Vulnerability Wed, 30 Jul 2014 00:00 GMT
    Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions.
  • Apache CloudStack Information Disclosure Vulnerability Thu, 14 Aug 2014 00:00 GMT
    Apache CloudStack could allow a remote attacker to obtain sensitive information, caused by the use of a predictable hash sequence when generating virtual machine console URLs. An attacker could exploit this vulnerability to gain unauthorized access to console proxy URLs and obtain sensitive information.
  • Asterisk 11.8.1 Stack Overflow Vulnerability Thu, 14 Aug 2014 00:00 GMT
    main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers.
  • Cisco Identity Services Engine RADIUS Denial Of Service Vulnerability Thu, 14 Aug 2014 00:00 GMT
    A vulnerability was reported in Cisco Identity Services Engine. A remote authenticated user can cause denial of service conditions. A remote authenticated user can send specially crafted Remote Authentication Dial-In User Service (RADIUS) packets to trigger a deadlock and cause the target RADIUS service to become unresponsive.
  • Cisco NX-OS Software Arbitrary File Read Vulnerability Thu, 14 Aug 2014 00:00 GMT
    Directory traversal vulnerability in the command-line interface in Cisco NX-OS 6.2(2a) and earlier allows local users to read arbitrary files via unspecified input.
  • Cogent Real-Time Systems DataHub 'GetPermissions.asp' Remote Code Execution Vulnerability Thu, 14 Aug 2014 00:00 GMT
    GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors.