# SANS ISC

# Reddit netsec

# Krebs On Security

  • Fraudsters Tap Kohl’s Cash for Cold Cash Thu, 11 Feb 2016 16:28:02 +0000
    Scam artists have been using hacked accounts from retailer Kohls.com to order high-priced, bulky merchandise that is then shipped to the victim's home. While the crooks don't get the stolen merchandise, the unauthorized purchases rack up valuable credits called "Kohl's cash" that the thieves quickly redeem at Kohl's locations for items that can be resold for cash or returned for gift cards.
  • Critical Fixes Issued for Windows, Java, Flash Wed, 10 Feb 2016 21:37:32 +0000
    Microsoft Windows users and those with Adobe Flash Player or Java installed, it's time to update again! Microsoft released 13 updates to address some three dozen unique security vulnerabilities. Adobe issued security updates for its Flash Player software that plugs at least 22 security holes in the widely-used browser plugin. Meanwhile, Oracle issued an unscheduled security fix for Java, its second security update for Java in as many weeks.
  • Skimmers Hijack ATM Network Cables Tue, 09 Feb 2016 15:55:45 +0000
    If you have ever walked up to an ATM to withdraw cash only to decide against it after noticing a telephone or ethernet cord snaking from behind the machine to a jack in the wall, your paranoia may not have been misplaced: ATM maker NCR is warning about skimming attacks that involve keypad overlays, hidden cameras and skimming devices plugged into the ATM network cables to intercept customer card data.

# Bruce Schneier's blog

  • Friday Squid Blogging: Pajama Squid Fri, 12 Feb 2016 16:05:58 -0600
    The Monterey Bay Aquarium has a pajama squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
  • Fitbit Data Reveals Pregnancy Fri, 12 Feb 2016 12:16:28 -0600
    A man learned his wife was pregnant from her Fitbit data. The details of the story are weird. The man posted the data to Reddit and asked for analysis help. But the point is that the data can reveal pregnancy, and this might not be something a person wants to tell a company who can sell that information for profit....
  • Determining Physical Location on the Internet Fri, 12 Feb 2016 06:19:02 -0600
    Interesting research: "CPV: Delay-based Location Verification for the Internet": Abstract: The number of location-aware services over the Internet continues growing. Some of these require the client's geographic location for security-sensitive applications. Examples include location-aware authentication, location-aware access policies, fraud prevention, complying with media licensing, and regulating online gambling/voting. An adversary can evade existing geolocation techniques, e.g., by faking GPS coordinates...
  • Worldwide Encryption Products Survey Thu, 11 Feb 2016 11:05:33 -0600
    Today I released my worldwide survey of encryption products. The findings of this survey identified 619 entities that sell encryption products. Of those 412, or two-thirds, are outside the U.S., calling into question the efficacy of any US mandates forcing backdoors for law-enforcement access. It also showed that anyone who wants to avoid US surveillance has over 567 competing products to...
  • Make Privacy a 2016 Election Issue Thu, 11 Feb 2016 06:13:58 -0600
    EPIC has just launched "Data Protection 2016" to try to make privacy an issue in this year's elections. You can buy swag....
  • AT&T Does Not Care about Your Privacy Wed, 10 Feb 2016 13:59:32 -0600
    AT&T's CEO believes that the company should not offer robust security to its customers: But tech company leaders aren't all joining the fight against the deliberate weakening of encryption. AT&T CEO Randall Stephenson said this week that AT&T, Apple, and other tech companies shouldn't have any say in the debate. "I don't think it is Silicon Valley's decision to make...
  • 10,000-Year-Old Warfare Wed, 10 Feb 2016 05:29:00 -0600
    Evidence of primitive warfare from Kenya's Rift Valley....
  • The 2016 National Threat Assessment Tue, 09 Feb 2016 15:25:27 -0600
    It's National Threat Assessment Day. Published annually by the Director of National Intelligence, the "Worldwide Threat Assessment of the US Intelligence Community" is the US intelligence community's one time to publicly talk about the threats in general. The document is the results of weeks of work and input from lots of people. For Clapper, it's his chance to shape the...
  • Large-Scale FBI Hacking Tue, 09 Feb 2016 06:25:51 -0600
    As part of a child pornography investigation, the FBI hacked into over 1,300 computers. But after Playpen was seized, it wasn't immediately closed down, unlike previous dark web sites that have been shuttered by law enforcement. Instead, the FBI ran Playpen from its own servers in Newington, Virginia, from February 20 to March 4, reads a complaint filed against a...
  • Data and Goliath Published in Paperback Mon, 08 Feb 2016 14:11:54 -0600
    Today, Data and Goliath is being published in paperback. Everyone tells me that the paperback version sells better than the hardcover, even though it's a year later. I can't really imagine that there are tens of thousands of people who wouldn't spend $28 on a hardcover but are happy to spend $18 on the paperback, but we'll see. (Amazon has...

# WIRED Threat Level

# exploit-db.com

# Securiteam

  • Siemens SIMATIC Communication Processor Vulnerability Tue, 09 Feb 2016 00:00 GMT
    Siemens SIMATIC CP 343-1 Advanced devices before 3.0.44, CP 343-1 Lean devices, CP 343-1 devices, TIM 3V-IE devices, TIM 3V-IE Advanced devices, TIM 3V-IE DNP3 devices, TIM 4R-IE devices, TIM 4R-IE DNP3 devices, CP 443-1 devices, and CP 443-1 Advanced devices might allow remote attackers to obtain administrative access via a session on TCP port 102.
  • Xen Host Crash Vulnerability Tue, 09 Feb 2016 00:00 GMT
    Race condition in the relinquish_memory function in arch/arm/domain.c in Xen 4.6.x and earlier allows local domains with partial management control to cause a denial of service (host crash) via vectors involving the destruction of a domain and using XENMEM_decrease_reservation to reduce the memory of the domain.
  • Adobe Flash Player 18.0.0.261 Remote Code-Execution Vulnerabilities Wed, 10 Feb 2016 00:00 GMT
    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code.
  • Android Wi-Fi Information Disclosure Vulnerabilities Wed, 10 Feb 2016 00:00 GMT
    Wi-Fi in Android 5.x before 5.1.1 LMY48Z allows attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access.
  • ATutor PHP Code Injection Vulnerability Wed, 10 Feb 2016 00:00 GMT
    Multiple eval injection vulnerabilities in mods/_standard/gradebook/edit_marks.php in ATutor 2.2 and earlier allow remote authenticated users with the AT_PRIV_GRADEBOOK privilege to execute arbitrary PHP code via the (1) asc or (2) desc parameter.
  • Cisco Firepower 9000 Operating System Command Injection Vulnerability Wed, 10 Feb 2016 00:00 GMT
    The web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to execute arbitrary OS commands via crafted parameters.
  • EMC Isilon OneFS Privilege Escalation Vulnerability Wed, 10 Feb 2016 00:00 GMT
    EMC Isilon OneFS 7.1.x before 7.1.1.5, 7.2.0.x before 7.2.0.3, and 7.2.1.x before 7.2.1.1, when the RFC 2307 feature is configured but SFU is not universally present, allows remote authenticated AD users to obtain root privileges.
  • Google Chrome 47.0.2526.73 Same Origin Policy Vulnerability Wed, 10 Feb 2016 00:00 GMT
    The DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy.
  • HP LoadRunner Virtual Table Server Local Code Execution Vulnerability Wed, 10 Feb 2016 00:00 GMT
    Virtual Table Server (VTS) in HP LoadRunner 11.52, 12.00, 12.01, 12.02, and 12.50 allows remote attackers to execute arbitrary code.
  • IBM Security QRadar Incident Forensics Cross-Site Scripting Vulnerabilities Wed, 10 Feb 2016 00:00 GMT
    Multiple cross-site scripting (XSS) vulnerabilities in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 allow remote attackers to inject arbitrary web script or HTML via a crafted URL.
  • Jenkins XML External Entity Vulnerabilities Wed, 10 Feb 2016 00:00 GMT
    XML external entity (XXE) vulnerability in the create-job CLI command in CloudBees Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an "XML-aware tool," as demonstrated by get-job and update-job.
  • Linux Kernel Packet Loss Vulnerabilities Wed, 10 Feb 2016 00:00 GMT
    net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon,
  • MediaWiki Potentially Sensitive Information Disclosure Vulnerabilities Wed, 10 Feb 2016 00:00 GMT
    MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not properly restrict access to revisions, which allows remote authenticated users with the viewsuppressed user right to remove revision suppressions via a crafted revisiondelete action, which returns a valid change form.
  • Microsoft Internet Explorer 11 Denial Of Service Vulnerability Wed, 10 Feb 2016 00:00 GMT
    Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability,"
  • MIT Kerberos Incorrect Pointer Read Vulnerabilities Wed, 10 Feb 2016 00:00 GMT
    lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.
  • Mozilla Firefox Obtain Sensitive Hostname Information Vulnerabilities Wed, 10 Feb 2016 00:00 GMT
    Mozilla Firefox before 42.0, when NTLM v1 is enabled for HTTP authentication, allows remote attackers to obtain sensitive hostname information by constructing a crafted web site that sends an NTLM request and reads the Workstation field of an NTLM type 3 message.
  • Multiple Rockwell Automation Micrologix Products ICSA-15-300-03 SQL Injection Vulnerabilities Wed, 10 Feb 2016 00:00 GMT
    SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
  • OpenSSL NULL Pointer Dereference Vulnerabilities Wed, 10 Feb 2016 00:00 GMT
    crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.
  • PCRE Multiple Heap Based Buffer Overflow Vulnerabilities Wed, 10 Feb 2016 00:00 GMT
    The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
  • Samsung Galaxy S6 Edge Denial Of Service Vulnerabilities Wed, 10 Feb 2016 00:00 GMT
    The media scanning functionality in the face recognition library in android.media.process in Samsung Galaxy S6 Edge before G925VVRU4B0G9 allows remote attackers to gain privileges or cause a denial of service (memory corruption) via a crafted BMP image file.