# SANS ISC

# threatpost.com

# Reddit netsec

# Krebs On Security

  • Safeway Self-Checkout Skimmer Close Up Wed, 03 Feb 2016 15:46:58 +0000
    In Dec. 2015, KrebsOnSecurity warned that security experts had discovered skimming devices attached to credit and debit card terminals at self-checkout lanes at Safeway stores in Colorado and possibly other states. Safeway hasn't disclosed what those skimmers looked like, but images from a recent skimming attack allegedly launched against self-checkout shoppers at a Safeway in Maryland offer a closer look at one such device.
  • Good Riddance to Oracle’s Java Plugin Tue, 02 Feb 2016 15:10:54 +0000
    Good news: Oracle says the next major version of its Java software will no longer plug directly into the user's Web browser. This long overdue step should cut down dramatically on the number of computers infected with malicious software via opportunistic, so-called "drive-by" download attacks that exploit outdated Java plugins across countless browsers and multiple operating systems.
  • Sources: Security Firm Norse Corp. Imploding Sat, 30 Jan 2016 13:51:51 +0000
    Norse Corp., a Foster City, Calif. based cybersecurity firm that has attracted much attention from the news media and investors alike this past year, fired its chief executive officer this week amid a major shakeup that could spell the end of the company. The move comes just weeks after the company laid off almost 30 percent of its staff.

# Bruce Schneier's blog

  • NSA Reorganizing Fri, 05 Feb 2016 15:15:21 -0600
    The NSA is undergoing a major reorganization, combining its attack and defense sides into a single organization: In place of the Signals Intelligence and Information Assurance directorates -- the organizations that historically have spied on foreign targets and defended classified networks against spying, respectively -- the NSA is creating a Directorate of Operations that combines the operational elements of each....
  • Tracking Anonymous Web Users Fri, 05 Feb 2016 06:56:58 -0600
    This research shows how to track e-commerce users better across multiple sessions, even when they do not provide unique identifiers such as user IDs or cookies. Abstract: Targeting individual consumers has become a hallmark of direct and digital marketing, particularly as it has become easier to identify customers as they interact repeatedly with a company. However, across a wide variety...
  • The Internet of Things Will Be the World's Biggest Robot Thu, 04 Feb 2016 06:18:27 -0600
    The Internet of Things is the name given to the computerization of everything in our lives. Already you can buy Internet-enabled thermostats, light bulbs, refrigerators, and cars. Soon everything will be on the Internet: the things we own, the things we interact with in public, autonomous things that interact with each other. These "things" will have two separate parts. One...
  • Security vs. Surveillance Wed, 03 Feb 2016 06:09:02 -0600
    Both the "going dark" metaphor of FBI Director James Comey and the contrasting "golden age of surveillance" metaphor of privacy law professor Peter Swire focus on the value of data to law enforcement. As framed in the media, encryption debates are about whether law enforcement should have surreptitious access to data, or whether companies should be allowed to provide strong...
  • Paper on the Going Dark Debate Tue, 02 Feb 2016 14:20:09 -0600
    I am pleased to have been a part of this report, part of the Berkman Center's Berklett Cybersecurity project: Don't Panic: Making Progress on the "Going Dark" Debate From the report: In this report, we question whether the "going dark" metaphor accurately describes the state of affairs. Are we really headed to a future in which our ability to effectively...
  • More Details on the NSA Switching to Quantum-Resistant Cryptography Tue, 02 Feb 2016 07:11:56 -0600
    The NSA is publicly moving away from cryptographic algorithms vulnerable to cryptanalysis using a quantum computer. It just published a FAQ about the process: Q: Is there a quantum resistant public-key algorithm that commercial vendors should adopt? A: While a number of interesting quantum resistant public key algorithms have been proposed external to NSA, nothing has been standardized by NIST,...
  • NSA and GCHQ Hacked Israeli Drone Feeds Mon, 01 Feb 2016 14:27:09 -0600
    The NSA and GCHQ have successfully hacked Israel's drones, according to the Snowden documents. The story is being reported by the Intercept and Der Spiegel. The Times of Israel has more....
  • NSA's TAO Head on Internet Offense and Defense Mon, 01 Feb 2016 06:42:50 -0600
    Rob Joyce, the head of the NSA's Tailored Access Operations (TAO) group -- basically the country's chief hacker -- spoke in public earlier this week. He talked both about how the NSA hacks into networks, and what network defenders can do to protect themselves. Here's a video of the talk, and here are two good summaries. Intrusion Phases Reconnaissance Initial...
  • Friday Squid Blogging: Polynesian Squid Hook Fri, 29 Jan 2016 16:23:16 -0600
    From 1909, for squid fishing. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
  • Encryption Backdoor Comic Fri, 29 Jan 2016 14:21:36 -0600
    "Support our Snoops."...

# WIRED Threat Level

# exploit-db.com

# Securiteam

  • TIBCO Spotfire Server Sensitive System Information Disclosure Vulnerabilities Tue, 02 Feb 2016 00:00 GMT
    Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2 for AWS Marketplace allow remote authenticated users to obtain sensitive system information by visiting a URL
  • Adobe Flash Player And AIR APSB15-28 Multiple Use After Free Remote Code Execution Vulnerabilities Wed, 03 Feb 2016 00:00 GMT
    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted DefineFunction atoms
  • Android Screenshot Information Disclosure Vulnerabilities Wed, 03 Feb 2016 00:00 GMT
    SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to read screenshots and consequently gain privileges via a crafted application
  • Apple IOS Obtain Sensitive Information Vulnerabilities Wed, 03 Feb 2016 00:00 GMT
    The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X before 10.11 does not properly recognize the HSTS preload list during a Safari private-browsing session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
  • Cisco ASR 5000 Series Telnetd Denial Of Service Vulnerability Wed, 03 Feb 2016 00:00 GMT
    Cisco ASR 5000 devices with software 16.0(900) allow remote attackers to cause a denial of service (telnetd process restart) via a TELNET connection
  • Citrix NetScaler Service Delivery Appliance Multiple Cross Site Scripting Vulnerabilities Wed, 03 Feb 2016 00:00 GMT
    Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow remote attackers to inject arbitrary web script or HTML
  • Cyrus IMAP Out-Of-Bounds Heap Read Vulnerabilities Wed, 03 Feb 2016 00:00 GMT
    The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read.
  • FFmpeg Out-Of-Bounds Array Access Vulnerabilities Wed, 03 Feb 2016 00:00 GMT
    The smka_decode_frame function in libavcodec/smacker.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not verify that the data size is consistent with the number of channels, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Smacker data.
  • Google Android Mediaserver Arbitrary Code Execution Vulnerability Wed, 03 Feb 2016 00:00 GMT
    mediaserver in Android 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 19779574, 23680780, 23876444, and 23658148
  • Google Chrome Before 47.0.2526.73 Denial Of Service Vulnerability Wed, 03 Feb 2016 00:00 GMT
    Use-after-free vulnerability in the Infobars implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site, related to browser/ui/views/website_settings/website_settings_popup_view.cc.
  • IBM Domino GIF Parsing SMTP Daemon Crash Vulnerabilities Wed, 03 Feb 2016 00:00 GMT
    Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash) via a crafted GIF image, aka SPRs KLYH9ZDKRE and KLYH9ZTLEZ
  • Infinite Automation Systems Mango Automation OS Commands Execution Vulnerabilities Wed, 03 Feb 2016 00:00 GMT
    Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to execute arbitrary OS commands
  • Janitza UMG Products ICSA-15-265-03 Sensitive Network-Connection Information Disclosure Vulnerabilities Wed, 03 Feb 2016 00:00 GMT
    Janitza UMG 508, 509, 511, 604, and 605 devices allow remote attackers to obtain sensitive network-connection information via a request to UDP port (1) 1234 or (2) 1235.
  • Libsndfile Denial Of Service Vulnerabilities Wed, 03 Feb 2016 00:00 GMT
    The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.
  • MediaWiki Installation Path Disclosure Vulnerabilities Wed, 03 Feb 2016 00:00 GMT
    MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 uses the thumbnail ImageMagick command line argument, which allows remote attackers to obtain the installation path by reading the metadata of a PNG thumbnail file.
  • Oracle Java SE Embedded RMI Vulnerabilities Wed, 03 Feb 2016 00:00 GMT
    Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI
  • Oracle MySQL Server Availability Vulnerabilities Wed, 03 Feb 2016 00:00 GMT
    Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB
  • Oracle MySQL Server InnoDB Vulnerabilities Wed, 03 Feb 2016 00:00 GMT
    Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
  • Oracle MySQL Server Related To DML Vulnerabilities Wed, 03 Feb 2016 00:00 GMT
    Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML
  • PCRE Buffer Overflow Vulnerabilities Wed, 03 Feb 2016 00:00 GMT
    PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.