# SANS ISC

# threatpost.com

  • FBI Officially Blames North Korea in Sony Hacks Fri, 19 Dec 2014 18:44:49 +0000
    The FBI has officially stated that North Korea is in fact responsible for the recent cyberattack targeting Sony Pictures Entertainment.
  • Exploits Circulating for Remote Code Execution Flaws in NTP Protocol Fri, 19 Dec 2014 18:33:17 +0000
    Researchers at Google have uncovered several serious vulnerabilities in the Network Time Protocol and experts warn that there are exploits publicly available for some of the bugs. The vulnerabilities are present in all versions of NTP prior to 4.2.8 and include several buffer overflows that are remotely exploitable. The NTP is a protocol that’s used […]
  • GitHub Fixes Critical Vulnerability, Urges Users to Update Immediately Fri, 19 Dec 2014 17:37:24 +0000
    GitHub is encouraging Mac and Windows users to immediately install an update that resolves a serious arbitrary code execution vulnerability.
  • Dave Aitel on the Sony Hack Fri, 19 Dec 2014 16:58:13 +0000
    Dennis Fisher and security expert Dave Aitel discuss the Sony hack and why it makes sense for North Korea to be responsible for it.
  • Emerson Patches Series of Flaws in Controllers Used in Oil and Gas Pipelines Fri, 19 Dec 2014 15:10:08 +0000
    Researchers have identified a wide range of vulnerabilities in remote terminal units manufactured by Emerson Process Management that are widely used in oil and gas pipelines and other applications. The vulnerabilities include a number of hidden functions in the RTUs, an authentication bypass and hardcoded credentials. All of the vulnerabilities are remotely exploitable and an […]
  • USBDriveby Device Can Install Backdoor, Override DNS Settings in Seconds Fri, 19 Dec 2014 12:00:26 +0000
    Samy Kamkar has a special talent for turning seemingly innocuous things into rather terrifying attack tools. First it was an inexpensive drone that Kamkar turned into a flying hacking platform with his Skyjack research, and now it’s a $20 USB microcontroller that Kamkar has loaded with code that can install a backdoor on a target machine in […]
  • 12 Million Home Routers Vulnerable to Takeover Thu, 18 Dec 2014 17:23:55 +0000
    Check Point has disclosed few details on a cookie vulnerability in the RomPager webserver running inside 12 million embedded devices. The flaw puts home routers at risk to attack.
  • Critical Remotely Exploitable Bugs Found in Schneider Electric ProClima Software Thu, 18 Dec 2014 15:58:29 +0000
    There are a number of critical, remotely exploitable command injection vulnerabilities in Schneider Electric’s ProClima software, which is used in manufacturing and energy facilities. The ProClima application is a utility that customers use to design control panel enclosures in industrial facilities to help manage the heat from enclosed electrical devices. The bugs affect ProClima versions […]
  • Ryan Olson on the CoolReaper Backdoor Thu, 18 Dec 2014 15:01:16 +0000
    Dennis Fisher talks with Ryan Olson of Palo Alto Networks about their discovery and analysis of the CoolReaper backdoor on some Coolpad Android devices sold in China.
  • White House to Blame Sony Hack on North Korea Thu, 18 Dec 2014 14:57:47 +0000
    The White House reportedly will attribute the Sony hack to North Korea, but will hold off on a public announcement until it figures out a response.

# Reddit netsec

# Krebs On Security

  • Staples: 6-Month Breach, 1.16 Million Cards Fri, 19 Dec 2014 23:03:07 +0000
    Office supply chain Staples Inc. today finally acknowledged that a malware intrusion this year at some of its stores resulted in a credit card breach. The company now says some 119 stores were impacted between April and September 2014, and that as many as 1.16 million customer credit and debit cards may have been stolen as a result.
  • FBI: North Korea to Blame for Sony Hack Fri, 19 Dec 2014 18:50:12 +0000
    The FBI today said it has determined that the North Korean government is responsible for the devastating recent hack attack against Sony Pictures Entertainment. Here's a brief look at the FBI's statement, what experts are learning about North Korea's cyberattack capabilities, and what this incident means for other corporations going forward.
  • Complex Solutions to a Simple Problem Thu, 18 Dec 2014 14:26:52 +0000
    My inbox has been flooded of late with pitches for new technologies aimed at making credit cards safer and more secure. Many of these solutions are exceedingly complex and overwrought -- if well-intentioned -- responses to a problem that we already know how to solve. Here's a look at a few of the more elaborate approaches.

# Bruce Schneier's blog

  • Friday Squid Blogging: Squid Beard Fri, 19 Dec 2014 16:04:40 -0600
    Impressive. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
  • Lessons from the Sony Hack Fri, 19 Dec 2014 12:44:19 -0600
    Earlier this month, a mysterious group that calls itself Guardians of Peace hacked into Sony Pictures Entertainment's computer systems and began revealing many of the Hollywood studio's best-kept secrets, from details about unreleased movies to embarrassing emails (notably some racist notes from Sony bigwigs about President Barack Obama's presumed movie-watching preferences) to the personnel data of employees, including salaries and...
  • SS7 Vulnerabilities Fri, 19 Dec 2014 06:41:24 -0600
    There are security vulnerabilities in the phone-call routing protocol called SS7. The flaws discovered by the German researchers are actually functions built into SS7 for other purposes -- such as keeping calls connected as users speed down highways, switching from cell tower to cell tower -- that hackers can repurpose for surveillance because of the lax security on the network....
  • ISIS Cyberattacks Thu, 18 Dec 2014 10:07:07 -0600
    Citizen Lab has a new report on a probable ISIS-launched cyberattack: This report describes a malware attack with circumstantial links to the Islamic State in Iraq and Syria. In the interest of highlighting a developing threat, this post analyzes the attack and provides a list of Indicators of Compromise. A Syrian citizen media group critical of Islamic State of Iraq...
  • The Limits of Police Subterfuge Thu, 18 Dec 2014 06:57:49 -0600
    "The next time you call for assistance because the Internet service in your home is not working, the 'technician' who comes to your door may actually be an undercover government agent. He will have secretly disconnected the service, knowing that you will naturally call for help and -- when he shows up at your door, impersonating a technician -- let...
  • How the FBI Unmasked Tor Users Wed, 17 Dec 2014 06:44:57 -0600
    Kevin Poulsen has a good article up on Wired about how the FBI used a Metasploit variant to identify Tor users....
  • Fake Cell Towers Found in Norway Tue, 16 Dec 2014 11:34:04 -0600
    In yet another example of what happens when you build an insecure communications infrastructure, fake cell phone towers have been found in Oslo. No one knows who has been using them to eavesdrop. This is happening in the US, too. Remember the rule: we're all using the same infrastructure, so we can either keep it insecure so we -- and...
  • Understanding Zero-Knowledge Proofs Mon, 15 Dec 2014 13:13:46 -0600
    Matthew Green has a good primer....
  • Over 700 Million People Taking Steps to Avoid NSA Surveillance Mon, 15 Dec 2014 06:07:59 -0600
    There's a new international survey on Internet security and trust, of "23,376 Internet users in 24 countries," including "Australia, Brazil, Canada, China, Egypt, France, Germany, Great Britain, Hong Kong, India, Indonesia, Italy, Japan, Kenya, Mexico, Nigeria, Pakistan, Poland, South Africa, South Korea, Sweden, Tunisia, Turkey and the United States." Amongst the findings, 60% of Internet users have heard of Edward...
  • Friday Squid Blogging: Recreational Squid Fishing in Washington State Fri, 12 Dec 2014 16:32:17 -0600
    There is year-round recreational squid fishing from the Strait of Juan de Fuca to south Puget Sound. A nighttime sport that requires simple, inexpensive fishing tackle, squid fishing -- or jigging -- typically takes place on the many piers and docks throughout the Puget Sound region. As usual, you can also use this squid post to talk about the security stories in the news...

# WIRED Threat Level

# exploit-db.com

# Securiteam