# Krebs On Security

  • Home Depot: 56M Cards Impacted, Malware Contained Thu, 18 Sep 2014 21:59:56 +0000
    Home Depot said today that cyber criminals armed with custom-built malware stole an estimated 56 million debit and credit card numbers from its customers between April and September 2014. That disclosure officially makes the incident the largest retail card breach on record.
  • In Home Depot Breach, Investigation Focuses on Self-Checkout Lanes Thu, 18 Sep 2014 18:27:14 +0000
    The malicious software that unknown thieves used to steal credit and debit card numbers in the data breach at Home Depot this year was installed mainly on payment systems in the self-checkout lanes at retail stores, according to sources close to the investigation. The finding means thieves probably stole far fewer cards during the almost five-month breach than they might have otherwise.
  • Medical Records For Sale in Underground Stolen From Texas Life Insurance Firm Thu, 18 Sep 2014 14:40:25 +0000
    How much are your medical records worth in the cybercrime underground? This week, KrebsOnSecurity discovered medical records being sold in bulk for as little as $6.40 apiece. The digital documents, several of which were obtained by sources working with this publication, were stolen from a Texas-based life insurance company that now says it is working with federal authorities on an investigation into an apparent data breach.

# Bruce Schneier's blog

  • Friday Squid Blogging: Colossal Squid Dissected in New Zealand Fri, 19 Sep 2014 16:29:07 -0500
    Months after it was found in August, scientists have dissected a colossal squid. There's even video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
  • iOS 8 Security Fri, 19 Sep 2014 12:54:59 -0500
    Apple claims that they can no longer unlock iPhones, even if the police show up with a warrant. Of course they still have access to everything in iCloud, but it's a start. EDITED TO ADD (9/19): Android is doing the same thing....
  • Fake Cell Phone Towers Across the US Fri, 19 Sep 2014 06:11:31 -0500
    Earlier this month, there were a bunch of stories about fake cell phone towers discovered around the US. These seem to be IMSI catchers, like Harris Corporation's Stingray, and are used to capture location information and potentially phone calls, text messages, and smart-phone Internet traffic. A couple of days ago, the Washington Post ran a story about fake cell phone...
  • Terrible Article on Vernam Ciphers Thu, 18 Sep 2014 14:09:48 -0500
    If there's anything that confuses wannabe cryptographers, it's one-time pads....
  • The Full Story of Yahoo's Fight Against PRISM Thu, 18 Sep 2014 07:13:50 -0500
    In 2008, Yahoo fought the NSA to avoid becoming part of the PRISM program. It eventually lost the court battle, and at one point was threatened with a $250,000 a day fine if it continued to resist. I am continually amazed at the extent of the government coercion....
  • Identifying Dread Pirate Roberts Wed, 17 Sep 2014 14:30:45 -0500
    According to court documents, Dread Pirate Roberts was identified because a CAPTCHA service used on the Silk Road login page leaked the users' true location....
  • Tracking People From their Cell Phones with an SS7 Vulnerability Wed, 17 Sep 2014 07:15:19 -0500
    What's interesting about this story is not that the cell phone system can track your location worldwide. That makes sense; the system has to know where you are. What's interesting about this story is that anyone can do it. Cyber-weapons arms manufacturers are selling the capability to governments worldwide, and hackers have demonstrated the capability....
  • Two New Snowden Stories Mon, 15 Sep 2014 14:25:35 -0500
    New Zealand is spying on its citizens. Edward Snowden weighs in personally. The NSA and GCHQ are mapping the entire Internet, including hacking into Deutsche Telekom and other companies. EDITED TO ADD (9/18): Marcy Wheeler comments on the second story, noting that the NSA uses this capability to map MAC addresses....
  • Security of the SHA Family of Hash Functions Mon, 15 Sep 2014 09:26:00 -0500
    Good article on the insecurity of SHA-1 and the need to replace it sooner rather than later....
  • Friday Squid Blogging: 200-Pound Squid Found in Gulf of Mexico Fri, 12 Sep 2014 16:26:13 -0500
    A 200-pound dead giant squid was found near the coast of Matagorda, Texas. This is only the third giant squid ever found in the Gulf of Mexico. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

# Securiteam

  • IBM WebSphere Service Registry And Repository Cross-Site Scripting Vulnerability Fri, 25 Jul 2014 00:00 GMT
    Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.2, 6.3 before 6.3.0.6, 7.0 before 7.0.0.6, 7.5 before 7.5.0.5, and 8.0 before 8.0.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
  • Microsoft Debug Interface Access SDK 'msdia.dll' Memory Corruption Vulnerability Fri, 25 Jul 2014 00:00 GMT
    Microsoft Debug Interface Access SDK is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the current process. Failed attacks will cause denial-of-service conditions.
  • Oracle Supply Chain Products Suite 9.3.3.0 Information Disclosure Vulnerability Fri, 25 Jul 2014 00:00 GMT
    Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.
  • Python Commandline Symlink Attack Vulnerability Fri, 25 Jul 2014 00:00 GMT
    Python Imaging Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 use the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.
  • Apache CloudStack Authentication Bypass Vulnerability Wed, 30 Jul 2014 00:00 GMT
    Apache CloudStack is prone to a security-bypass vulnerability. Successful exploits will allow attackers to bypass certain security restrictions, which may aid in further attacks.
  • Apple Safari Restriction Bypass Vulnerability Wed, 30 Jul 2014 00:00 GMT
    WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, does not properly interpret Unicode encoding, which allows remote attackers to spoof a postMessage origin, and bypass intended restrictions on sending a message to a connected frame or window, via crafted characters in a URL.
  • ASUS RT Routers ShellCode Injection Vulnerability Wed, 30 Jul 2014 00:00 GMT
    The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field (destIP parameter).
  • Cisco IOS XE Software PPPoE Packet Handling Denial Of Service Vulnerability Wed, 30 Jul 2014 00:00 GMT
    Cisco IOS XE Software is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause the affected device to reload, denying service to legitimate users.
  • Cisco Wide Area Application Services Buffer Overflow Vulnerability Wed, 30 Jul 2014 00:00 GMT
    A vulnerability was reported in Cisco Wide Area Application Services (WAAS). A remote user can execute arbitrary code on the target system. On systems configured with the SharePoint acceleration feature, a remote user can return specially crafted SharePoint responses to trigger a buffer overflow and execute arbitrary code on the target WAAS system. The code will run with elevated privileges on the target WAAS system.
  • Django Cross Site Request Forgery Vulnerability Wed, 30 Jul 2014 00:00 GMT
    Django is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the affected application. Other attacks are also possible. Django versions prior to 1.4.11, prior to 1.5.6 and prior to 1.6.3 are vulnerable.
  • FreeIPA Cross-Realm Trust key Information Disclosure Vulnerability Wed, 30 Jul 2014 00:00 GMT
    FreeIPA is prone to an information-disclosure vulnerability. Successful exploits may allow an attacker to gain access to sensitive information that may aid in further attacks.
  • HP IceWall MCRP And HP IceWall SSO Denial Of Service Vulnerability Wed, 30 Jul 2014 00:00 GMT
    A vulnerability was reported in HP IceWall MCRP and HP IceWall SSO. A remote user can cause denial of service conditions.
  • IBM Rational Rhapsody Design Manager 4.0.6 Remote Execution Vulnerability Wed, 30 Jul 2014 00:00 GMT
    IBM Rational Software Architect (RSA) Design Manager and Rational Rhapsody Design Manager 3.x through 3.0.1 and 4.x before 4.0.6 allows remote authenticated users to modify data by leveraging improper parameter checking.
  • Juniper NSM XDB Service Arbitrary Code Execution Vulnerability Wed, 30 Jul 2014 00:00 GMT
    Unspecified vulnerability in the NSM XDB service in Juniper NSM before 2012.2R8 allows remote attackers to execute arbitrary code via unspecified vectors.
  • Microsoft Internet Explorer Remote Code Execution Vulnerability Wed, 30 Jul 2014 00:00 GMT
    Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions.
  • Apache CloudStack Information Disclosure Vulnerability Thu, 14 Aug 2014 00:00 GMT
    Apache CloudStack could allow a remote attacker to obtain sensitive information, caused by the use of a predictable hash sequence when generating virtual machine console URLs. An attacker could exploit this vulnerability to gain unauthorized access to console proxy URLs and obtain sensitive information.
  • Asterisk 11.8.1 Stack Overflow Vulnerability Thu, 14 Aug 2014 00:00 GMT
    main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers.
  • Cisco Identity Services Engine RADIUS Denial Of Service Vulnerability Thu, 14 Aug 2014 00:00 GMT
    A vulnerability was reported in Cisco Identity Services Engine. A remote authenticated user can cause denial of service conditions. A remote authenticated user can send specially crafted Remote Authentication Dial-In User Service (RADIUS) packets to trigger a deadlock and cause the target RADIUS service to become unresponsive.
  • Cisco NX-OS Software Arbitrary File Read Vulnerability Thu, 14 Aug 2014 00:00 GMT
    Directory traversal vulnerability in the command-line interface in Cisco NX-OS 6.2(2a) and earlier allows local users to read arbitrary files via unspecified input.
  • Cogent Real-Time Systems DataHub 'GetPermissions.asp' Remote Code Execution Vulnerability Thu, 14 Aug 2014 00:00 GMT
    GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors.
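
The PIL/Pillow entry above describes a temp-file symlink race: a local attacker who learns a temporary file's name (here, by reading it off another process's command line) plants a symlink at that path, and the victim's later write follows the link. The following is an added example, not PIL's, Pillow's or Securiteam's code; it stages the race in a private directory and shows the fix. The `tmp<pid>-<seq>.ppm` naming scheme is an assumption used to make the name guessable, and the `victim.txt` target is constructed for the demo.

```python
import os
import tempfile


def predictable_name(directory: str, pid: int, seq: int) -> str:
    """Weak pattern: a temp-file name built from guessable parts.
    The PID+counter scheme is constructed for illustration; the point is that a
    local attacker who can predict the name, or read it from the process list as
    the advisory describes, can plant a symlink there before the file is created."""
    return os.path.join(directory, f"tmp{pid}-{seq}.ppm")


def write_vulnerable(path: str, data: bytes) -> None:
    """open(path, 'wb') follows an existing symlink and truncates its target."""
    with open(path, "wb") as fh:
        fh.write(data)


def write_hardened(directory: str, data: bytes) -> str:
    """mkstemp creates the file with O_CREAT|O_EXCL under an unpredictable name,
    so a planted link makes creation fail instead of being followed, and the
    write goes through the returned descriptor rather than a path."""
    fd, path = tempfile.mkstemp(dir=directory, suffix=".ppm")
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


def open_exclusive(path: str) -> int:
    """For code that must use a caller-chosen path: refuse to create over an
    existing entry (O_EXCL) and refuse to follow a symlink (O_NOFOLLOW)."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    return os.open(path, flags, 0o600)


def run_demo() -> dict:
    """Stage the race in a private directory and report what happened."""
    with tempfile.TemporaryDirectory() as directory:
        victim = os.path.join(directory, "victim.txt")  # constructed target file
        with open(victim, "wb") as fh:
            fh.write(b"original")

        # Attacker: plant a symlink at the name the victim process will use.
        planted = predictable_name(directory, 1234, 1)
        os.symlink(victim, planted)

        # Victim, weak pattern: the write lands in victim.txt.
        write_vulnerable(planted, b"clobbered")
        with open(victim, "rb") as fh:
            victim_after = fh.read()

        # Victim, hardened pattern: a fresh regular file, never a link.
        safe_path = write_hardened(directory, b"image data")
        safe_is_link = os.path.islink(safe_path)

        # Hardened open of the planted path is refused outright (EEXIST).
        try:
            os.close(open_exclusive(planted))
            exclusive_blocked = False
        except FileExistsError:
            exclusive_blocked = True

        return {
            "victim_after": victim_after,
            "safe_is_link": safe_is_link,
            "exclusive_blocked": exclusive_blocked,
        }
```

The demo assumes a POSIX filesystem where an unprivileged user can create symlinks. Note that `O_EXCL` alone already refuses a path that exists as a symlink, whatever it points at; `O_NOFOLLOW` is there for platforms and code paths where `O_CREAT|O_EXCL` is not used.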
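
The ASUS RT entry above is a shell command injection: the `destIP` value from the Network Analysis form is spliced into a shell command, so metacharacters in it start a second command. The example below is added here to show the bug class and its fix; it is written in Python and is not the router firmware's code. The `ping -c 1` command, the `BENIGN_TARGET`/`HOSTILE_TARGET` inputs and the payload string are constructed for illustration; the exact string used against the routers is not on the page.

```python
import ipaddress
import shlex
import subprocess


# Constructed inputs: a benign target and a metacharacter payload of the kind
# the advisory describes (the real payload is not on the page).
BENIGN_TARGET = "192.0.2.10"
HOSTILE_TARGET = "192.0.2.10; cat /etc/passwd"


def vulnerable_command(target: str) -> str:
    """Weak pattern: user input spliced into a shell command line. Returns the
    string a shell would receive so the injection is visible without running it."""
    return "ping -c 1 " + target


def validate_target(target: str) -> str:
    """Allow-list the field: it must parse as a literal IPv4 or IPv6 address."""
    try:
        return str(ipaddress.ip_address(target.strip()))
    except ValueError as exc:
        raise ValueError(f"destIP is not an IP address: {target!r}") from exc


def accepts(target: str) -> bool:
    """True if validate_target would let this value through."""
    try:
        validate_target(target)
        return True
    except ValueError:
        return False


def hardened_argv(target: str) -> list[str]:
    """Hardened pattern: the validated value becomes one argv element, and argv
    is handed to execve directly (subprocess with shell=False), so ';', '|' and
    '$()' are ordinary bytes of a single argument, never shell syntax."""
    return ["ping", "-c", "1", validate_target(target)]


def quoted_command(target: str) -> str:
    """Defence in depth for code that cannot avoid a shell: shlex.quote wraps the
    value in single quotes so the shell treats it as one word. Validation still
    comes first; quoting alone is not the fix."""
    return "ping -c 1 " + shlex.quote(target)


def run_ping(target: str) -> int:
    """Execute the hardened form; returns ping's exit status."""
    return subprocess.run(hardened_argv(target), capture_output=True, check=False).returncode
```

The validation step is the important one: a field named `destIP` has a tiny legal grammar, and rejecting everything outside it removes the attack surface regardless of how the command is later built.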
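
The Apache CloudStack information-disclosure entry above turns on a predictable hash in console proxy URLs: if the value is computed only from inputs an attacker knows or can guess, hashing adds nothing and the URL can be forged. The example below is added here and is not CloudStack's code; the real URL layout and the exact broken construction are not on the page, so it models the bug class with a constructed `predictable_token` (VM id plus timestamp) and contrasts it with a keyed, expiring, nonce-bound HMAC. `CONSOLE_PROXY` is a hypothetical endpoint and `SECRET_KEY` is generated in-process for the demo.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit


# Hypothetical proxy endpoint; constructed for the example.
CONSOLE_PROXY = "https://console-proxy.example.test/console"


def predictable_token(vm_id: int, ts: int) -> str:
    """Weak pattern: a 'hash' over inputs that are public or guessable (VM id
    and a timestamp). Anyone can recompute it; no secret is involved."""
    return hashlib.sha256(f"{vm_id}:{ts}".encode()).hexdigest()


def guess_tokens(vm_id: int, seen_ts: int, window: int = 60) -> set[str]:
    """Attacker's view: enumerate the candidates around an observed or
    estimated timestamp. A few hundred tries covers a minute either side."""
    return {predictable_token(vm_id, t) for t in range(seen_ts - window, seen_ts + window + 1)}


# Per-deployment secret; generated here for the demo, loaded from a secret
# store in real code.
SECRET_KEY = secrets.token_bytes(32)


def signed_console_url(vm_id: int, user_id: int, now: int,
                       ttl: int = 120, key: bytes = SECRET_KEY) -> str:
    """Hardened pattern: bind the URL to the VM, the requesting user and an
    expiry, add a random nonce, and MAC all of it with the secret key."""
    exp = now + ttl
    nonce = secrets.token_urlsafe(16)
    msg = f"{vm_id}|{user_id}|{exp}|{nonce}".encode()
    sig = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return f"{CONSOLE_PROXY}?vm={vm_id}&user={user_id}&exp={exp}&nonce={nonce}&sig={sig}"


def verify_console_url(url: str, now: int, key: bytes = SECRET_KEY) -> bool:
    """Proxy side: recompute the MAC over the received fields, compare in
    constant time, and reject anything expired or missing a field."""
    params = parse_qs(urlsplit(url).query)
    try:
        vm, user, exp, nonce, sig = (params[k][0] for k in ("vm", "user", "exp", "nonce", "sig"))
    except KeyError:
        return False
    if not exp.isdigit() or int(exp) < now:
        return False
    expected = hmac.new(key, f"{vm}|{user}|{exp}|{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sig)
```

Because every field the proxy acts on is under the MAC, changing `vm` or `user` in a captured URL invalidates it, and the expiry bounds how long a leaked URL is useful. The nonce makes two URLs for the same VM and user distinct, so a token cannot be guessed from a previous one.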