# SANS ISC

# threatpost.com

  • Google Provides Detailed Analysis of GitHub Attack Traffic Fri, 24 Apr 2015 17:46:47 +0000
    The high-profile DDoS attack against GitHub that went on for several days last month was the end result of an operation that included several phases and extensive testing and optimization by the attackers. Researchers at Google analyzed the attack traffic over several weeks and found that the attackers used both JavaScript replacement and HTML injections. […]
  • Podcast: News From RSA 2015 Thu, 23 Apr 2015 21:52:14 +0000
    Dennis Fisher, Mike Mimoso and Brian Donohue discuss the news of the week from the RSA Conference.
  • Active Defense Can Give Pause to Threats Thu, 23 Apr 2015 21:17:12 +0000
    Enterprises can use existing networking tools to put up internal barriers against hackers in order to frustrate them on to other targets.
  • Bypassing OS X Security Tools is Trivial, Researcher Says Thu, 23 Apr 2015 18:35:19 +0000
    SAN FRANCISCO–For years, Apple has enjoyed a pretty good reputation among users for the security of its products. That halo has been enhanced by the addition of new security features such as Gatekeeper and XProtect to OS X recently, but one researcher said that all of those protections are simple to bypass and gaining persistence […]
  • iOS Vulnerability Could Force Devices Into Endless Reboot Loop Thu, 23 Apr 2015 17:14:34 +0000
    Researchers stumbled upon a vulnerability recently that can force any iPhone or iPad into a perpetual reboot loop.
  • The Real ‘Next Generation’ of Security Revealed at RSA Wed, 22 Apr 2015 21:40:18 +0000
    During his RSA keynote today, Juniper Networks' Chris Hoff shared the stage with 9-year-old hacker Reuben Paul, in a talk meant to be a call to action for the security industry to teach young programmers security and privacy from the outset.
  • Microsoft Launches Project Spartan Bounty Wed, 22 Apr 2015 20:36:35 +0000
    Microsoft announced a two-month bug bounty for its new Project Spartan browser.
  • Privacy Goal: More Controls in Users’ Hands Wed, 22 Apr 2015 20:10:42 +0000
    The chief privacy officers of Microsoft, Facebook and Google today at RSA Conference discussed how their respective companies want to put more privacy controls in users' hands.
  • White House, State Department Counted Among CozyDuke APT Victims Wed, 22 Apr 2015 19:09:54 +0000
    A data-mining advanced persistent threat hit a handful of high profile targets last year, including the White House’s computer network.
  • Threat Intelligence Sharing Still Seen as a Challenge Wed, 22 Apr 2015 19:03:13 +0000
    SAN FRANCISCO–The discussion about information sharing has been going on in the security community since before there was a security community, but the tone and shape of the conversation have changed recently thanks to an executive order from the Obama administration and the relentless drumbeat of attacks and data breaches. The benefits of sharing threat intelligence are […]

# Reddit netsec

# Krebs On Security

  • Taking Down Fraud Sites is Whac-a-Mole Mon, 20 Apr 2015 06:57:17 +0000
    I’ve been doing quite a bit of public speaking lately — usually about cybercrime and underground activity — and there’s one question that nearly always comes from the audience: “Why are these fraud Web sites allowed to operate, and not simply taken down?” This post is intended to serve as the go-to spot for answering […]
  • POS Providers Feel Brunt of PoSeidon Malware Wed, 15 Apr 2015 14:35:16 +0000
    "PoSeidon," a new strain of malicious software designed to steal credit and debit card data from hacked point-of-sale (POS) devices, has been implicated in a number of recent breaches involving companies that provide POS services primarily to restaurants, bars and hotels. The shift by the card thieves away from targeting major retailers like Target and Home Depot to attacking countless, smaller users of POS systems is giving financial institutions a run for their money as they struggle to figure out which merchants are responsible for card fraud.
  • Critical Updates for Windows, Flash, Java Tue, 14 Apr 2015 18:34:30 +0000
    Get your patch chops on people, because chances are you're running software from Microsoft, Adobe or Oracle that received critical security updates today. Adobe released a Flash Player update to fix at least 22 flaws, including one flaw that is being actively exploited. Microsoft pushed out 11 update bundles to fix more than two dozen bugs in Windows and associated software, including one that was publicly disclosed this month. And Oracle has an update for its Java software that addresses at least 15 flaws, all of which are exploitable remotely without any authentication.

# Bruce Schneier's blog

  • Friday Squid Blogging: The Unique Reproductive Habits of the Vampire Squid Fri, 24 Apr 2015 16:43:50 -0500
    Interesting: While most female squid and octopuses have just one reproductive cycle before they die, vampire squid go through dozens of egg-making cycles in their lifetimes, scientists have found. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
  • Signed Copies of Data and Goliath Fri, 24 Apr 2015 14:12:44 -0500
    You can now order signed copies of Data and Goliath from my website....
  • Federal Trade Commissioner Julie Brill on Obscurity Fri, 24 Apr 2015 12:42:18 -0500
    I think this is good: Obscurity means that personal information isn't readily available to just anyone. It doesn't mean that information is wiped out or even locked up; rather, it means that some combination of factors makes certain types of information relatively hard to find. Obscurity has always been an important component of privacy. It is a helpful concept because...
  • The Further Democratization of QUANTUM Fri, 24 Apr 2015 08:55:14 -0500
    From my book Data and Goliath: ...when I was working with the Guardian on the Snowden documents, the one top-secret program the NSA desperately did not want us to expose was QUANTUM. This is the NSA's program for what is called packet injection­ -- basically, a technology that allows the agency to hack into computers. Turns out, though, that the...
  • An Incredibly Insecure Voting Machine Thu, 23 Apr 2015 07:19:58 -0500
    Wow: The weak passwords -- which are hard-coded and can't be changed -- were only one item on a long list of critical defects uncovered by the review. The Wi-Fi network the machines use is encrypted with wired equivalent privacy, an algorithm so weak that it takes as little as 10 minutes for attackers to break a network's encryption key....
  • "Hinky" in Action Wed, 22 Apr 2015 08:40:41 -0500
    In Beyond Fear I wrote about trained officials recognizing "hinky" and how it differs from profiling: Ressam had to clear customs before boarding the ferry. He had fake ID, in the name of Benni Antoine Noris, and the computer cleared him based on this ID. He was allowed to go through after a routine check of his car's trunk, even...
  • Hacking Airplanes Tue, 21 Apr 2015 13:40:04 -0500
    Imagine this: A terrorist hacks into a commercial airplane from the ground, takes over the controls from the pilots and flies the plane into the ground. It sounds like the plot of some "Die Hard" reboot, but it's actually one of the possible scenarios outlined in a new Government Accountability Office report on security vulnerabilities in modern airplanes. It's certainly...
  • Hacker Detained by FBI after Tweeting about Airplane Software Vulnerabilities Tue, 21 Apr 2015 05:26:50 -0500
    This is troubling: Chris Roberts was detained by FBI agents on Wednesday as he was deplaning his United flight, which had just flown from Denver to Syracuse, New York. While on board the flight, he tweeted a joke about taking control of the plane's engine-indicating and crew-alerting system, which provides flight crews with information in real-time about an aircraft's functions,...
  • Counting the US Intelligence Community Leakers Mon, 20 Apr 2015 11:18:02 -0500
    It's getting hard to keep track of the US intelligence community leakers without a scorecard. So here's my attempt: Leaker #1: Chelsea Manning. Leaker #2: Edward Snowden. Leaker #3: The person who leaked secret documents to Jake Appelbaum, Laura Poitras, and others in Germany: the Angela Merkel surveillance story, the TAO catalog, the X-KEYSCORE rules. My guess is that this...
  • New Top Secret Information on the US's Drone Program Mon, 20 Apr 2015 07:16:57 -0500
    New operational information on the US's drone program, published by the Intercept and Der Spiegel....

# WIRED Threat Level

# exploit-db.com

# Securiteam

  • JExperts Channel Multiple Remote Privilege Escalation Vulnerabilities Wed, 22 Apr 2015 00:00 GMT
    JExperts Channel Platform 5.0.33_CCB allows remote authenticated users to bypass access restrictions via crafted action and key parameters.
  • Juniper Junos Security Bypass Vulnerabilities Wed, 22 Apr 2015 00:00 GMT
    The stateless firewall in Juniper Junos 13.3R3, 14.1R1, and 14.1R2, when using Trio-based PFE modules, does not properly match ports, which might allow remote attackers to bypass firewall rules.
  • KDE Workspace Arbitrary Command Execution Vulnerabilities Wed, 22 Apr 2015 00:00 GMT
    The KDE Clock KCM policykit helper in kde-workspace before 4.11.14 and plasma-desktop before 5.1.1 allows local users to gain privileges via a crafted ntpUtility (ntp utility name) argument.
  • Linux Kernel 'keys/gc.c' Local Memory Corruption Vulnerabilities Wed, 22 Apr 2015 00:00 GMT
    Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.
  • Linux Kernel Local Information Disclosure Vulnerabilities Wed, 22 Apr 2015 00:00 GMT
    The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address.
  • Microsoft Internet Explorer Use After Free Remote Code Execution Vulnerabilities Wed, 22 Apr 2015 00:00 GMT
    Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute arbitrary code via a crafted HTML document in conjunction with a Cascading Style Sheets (CSS) token sequence specifying the run-in value for the display property, leading to improper CElement reference counting.
  • Multiple Cisco Products Multiple Cross Site Scripting Vulnerabilities Wed, 22 Apr 2015 00:00 GMT
    Multiple cross-site scripting (XSS) vulnerabilities in the IronPort Spam Quarantine (ISQ) page in Cisco AsyncOS, as used on the Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA), allow remote attackers to inject arbitrary web script or HTML
  • Multiple EMC Documentum Products Cross Site Request Forgery Vulnerabilities Wed, 22 Apr 2015 00:00 GMT
    Cross-site request forgery (CSRF) vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to hijack the authentication of arbitrary users for requests that perform Docbase operations.
  • OpenStack Neutron Local Denial Of Service Vulnerabilities Wed, 22 Apr 2015 00:00 GMT
    The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service (blocked router update processing) by creating eight routers and assigning an ipv6 non-provider subnet to each
  • Argyle Social Cross-site Request Forgery Vulnerabilities Thu, 23 Apr 2015 00:00 GMT
    Multiple cross-site request forgery (CSRF) vulnerabilities in Argyle Social 2011-04-26 allow remote attackers to hijack the authentication of administrators for requests that (1) modify credentials via the role parameter to users/create/, (2) modify rules via the terms field in stream_filter_rule JSON data to settings-ajax/stream_filter_rules/create, or (3) modify efforts via the title field in effort JSON data to publish-ajax/efforts/create.
  • Cisco MDS 9000 NX-OS Software Denial Of Service Vulnerabilities Thu, 23 Apr 2015 00:00 GMT
    The High Availability (HA) subsystem in Cisco NX-OS on MDS 9000 devices allows remote attackers to cause a denial of service via crafted traffic
  • Cisco Prime Security Manager Multiple Cross Site Scripting Vulnerabilities Thu, 23 Apr 2015 00:00 GMT
    Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Prime Security Manager (aka PRSM) 9.2.1-2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) Access Policies or (2) Device Summary Dashboard parameter
  • Drupal Avatar Uploader Module Information Disclosure Vulnerabilities Thu, 23 Apr 2015 00:00 GMT
    Directory traversal vulnerability in the Avatar Uploader module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta6 for Drupal allows remote authenticated users to read arbitrary files via a .. (dot dot) in the path of a cropped picture in the uploader panel.
  • GameHouse RealArcade Installer Local Arbitrary Code Execution Vulnerabilities Thu, 23 Apr 2015 00:00 GMT
    RealNetworks GameHouse RealArcade Installer (aka ActiveMARK Game Installer) 2.6.0.481 and 3.0.7 uses weak permissions (Create Files/Write Data) for the GameHouse Games directory tree, which allows local users to gain privileges via a Trojan horse DLL in an individual game's directory, as demonstrated by DDRAW.DLL in the Zuma Deluxe directory.
  • IBM Security Access Manager Cookie Information Disclosure Vulnerabilities Thu, 23 Apr 2015 00:00 GMT
    IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session.
  • Kofax E-Transactions Sender Sendbox ActiveX Control Insecure Method Vulnerabilities Thu, 23 Apr 2015 00:00 GMT
    The SaveMessage method in the LEADeMail.LEADSmtp.20 ActiveX control in LTCML14n.dll 14.0.0.34 in Kofax e-Transactions Sender Sendbox 2.5.0.933 allows remote attackers to write to arbitrary files via a pathname in the first argument.
  • ManageEngine Password Manager Pro Directory Traversal Vulnerabilities Thu, 23 Apr 2015 00:00 GMT
    Directory traversal vulnerability in the UploadAccountActivities servlet in ManageEngine Password Manager Pro (PMP) before 7103 allows remote attackers to delete arbitrary files via a .. (dot dot) in a filename.
  • Microsoft Internet Explorer Denial Of Service Memory Corruption Vulnerabilities Thu, 23 Apr 2015 00:00 GMT
    Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
  • OpenStack Horizon Login Page Denial Of Service Vulnerabilities Thu, 23 Apr 2015 00:00 GMT
    OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service via a large number of requests to the login page.
  • ProjectSend Image Description Cross-Site Scripting Vulnerabilities Thu, 23 Apr 2015 00:00 GMT
    Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) r561 allows remote attackers to inject arbitrary web script or HTML via the Description field in a file upload
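Two of the Securiteam items above (the Drupal Avatar Uploader read and the ManageEngine Password Manager Pro delete) are the same bug class: a user-controlled filename containing `..` is joined onto a storage directory without checking that the result still lies inside it. The block below is an added example, not code from Securiteam, Drupal, or ManageEngine; it shows the containment check that blocks that class, including the cases a naive `".." in name` filter misses (absolute paths, NUL bytes, symlinks that point outside the root, and the root directory itself). It assumes a POSIX host; the upload root and sample files are constructed in a temporary directory by `demo()`.

```python
import tempfile
from pathlib import Path


def safe_join(root, user_supplied):
    """Resolve user_supplied relative to root and return the absolute path,
    or None if the result would fall outside root.

    The check is done on the fully resolved path, so '..' sequences,
    absolute inputs and symlinks are all handled by the same comparison.
    """
    if not user_supplied or "\x00" in user_supplied:
        # Empty names and NUL bytes never come from a legitimate client;
        # NUL would also truncate the path in C-level file APIs.
        return None
    # Inputs arrive from HTTP clients of any OS: treat '\' as a separator
    # so 'sub\..\..\x' cannot hide a traversal inside one POSIX component.
    user_supplied = user_supplied.replace("\\", "/")
    root_path = Path(root).resolve()
    # Path('/root') / '/etc/passwd' yields '/etc/passwd' (an absolute input
    # replaces the root), so the containment check below catches it too.
    # resolve() follows symlinks before '..' is collapsed, so a link inside
    # the root that points outside it is also rejected.
    candidate = (root_path / user_supplied).resolve()
    try:
        candidate.relative_to(root_path)
    except ValueError:
        return None  # escaped the root
    if candidate == root_path:
        return None  # the root itself is never a valid file to read or delete
    return candidate


def demo():
    """Build a scratch upload tree and report which inputs the check accepts."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "uploads"
        root.mkdir()
        (root / "avatar.png").write_bytes(b"\x89PNG")          # constructed sample file
        outside = Path(tmp) / "secret.txt"
        outside.write_text("not for you")                      # constructed file outside root
        (root / "link").symlink_to(outside)                    # symlink escaping the root
        probes = [
            "avatar.png",          # legitimate
            "../secret.txt",       # classic dot-dot traversal
            "/etc/passwd",         # absolute path
            "link",                # symlink pointing outside the root
            "sub/../avatar.png",   # dot-dot that stays inside the root
            "..\\secret.txt",      # backslash traversal
            "a\x00b",              # NUL byte
            ".",                   # the root directory itself
        ]
        return {p: safe_join(root, p) is not None for p in probes}


if __name__ == "__main__":
    for probe, accepted in demo().items():
        print(f"{'ACCEPT' if accepted else 'REJECT'}  {probe!r}")
```

The important design choice is that the decision is made on the resolved path rather than on the input string: string filters have to enumerate every encoding of `..`, while the resolved-path comparison only has to answer one question, whether the file the OS would actually open is under the root.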