[webapps] – CuteNews 2.0.3 – Arbitrary File Upload Vulnerability

CuteNews 2.0.3 - Arbitrary File Upload Vulnerability

[webapps] – WK UDID v1.0.1 iOS – Command Inject Vulnerability

WK UDID v1.0.1 iOS - Command Inject Vulnerability

Trump Hotel chain investigates potential payment card breach

Credit card hackers are said to have targeted a number of hotels, possibly as far back as February 2015.

Student claims Wassenaar Agreement prevents him from publishing dissertation

Grant Willcox, a student studying ethical hacking at the University of Northumbria in the UK, is claiming that the Wassenaar Agreement, an arms control treaty that was expanded last year to prohibit the export of various kinds of software exploit, is forcing him to censor his dissertation.

Willcox's research investigates ways in which Microsoft's EMET software can be bypassed. EMET is a security tool that includes a variety of mitigation techniques designed to make exploiting common memory corruption flaws harder. In the continuing game of software exploit cat and mouse, EMET raises the bar, making software bugs harder to take advantage of, but does not outright eliminate the problems. Willcox's paper explored the limitations of the EMET mitigations and looked at ways that malware could bypass them to enable successful exploitation. He also applied these bypass techniques to a number of real exploits.

Typically this kind of dissertation would be published in full. Security researchers routinely explore techniques for bypassing system protections, with this research being one of the things that guides the development of future mitigations. Similarly, publishing the working exploit code (with a safe payload, to prove the concept) is standard within the research community.

Read 4 remaining paragraphs | Comments

Mystery vandals are cutting fiber-optic cables in California – how worried should we be?

Somebody is cutting underground fiber-optic cables in Northern California and the FBI wants to know why. Just how vulnerable is the internet to sabotage?

FBI Offering $4.3 Million For Help Finding Cyber Most-Wanted

Big prize still going to whomever can help find Gameover ZeuS mastermind.

Harvard Suffers Data Breach Spanning Multiple Schools, Administration Networks

Investigation so far shows email and system login info may have been compromised, university says.

[webapps] – WordPress Albo Pretorio Online 3.2 – Multiple Vulnerabilities

WordPress Albo Pretorio Online 3.2 - Multiple Vulnerabilities

[webapps] – Huawei Home Gateway UPnP/1.0 IGD/1.00 – Password Disclosure

Huawei Home Gateway UPnP/1.0 IGD/1.00 - Password Disclosure

[webapps] – Huawei Home Gateway UPnP/1.0 IGD/1.00 – Password Change Vulnerability

Huawei Home Gateway UPnP/1.0 IGD/1.00 - Password Change Vulnerability

Smart Cities’ 4 Biggest Security Challenges

The messiness of politics and the vulnerability of the Internet of Things in one big, unwieldy package.

WikiLeaks: New intelligence briefs show US spied on German leader

On Wednesday, WikiLeaks published two new top-secret National Security Agency briefs that detail American and British espionage conducted against German leaders as they were discussing responses to the Greek economic crisis in 2011.

The organization also published a redacted list of 69 German government telephone numbers that were targeted for snooping. That list includes Oskar Lafontaine, who served as German finance minister from 1998 to 1999, when the German government was still based in Bonn—suggesting that this kind of spying has been going on for over 15 years at least.

As with the recent documents concerning NSA spying against France, WikiLeaks did not explain how it obtained the documents. However, it did share them with Greek, French, and German-language media, which all published them simultaneously on Wednesday evening, Europe time.

Read 9 remaining paragraphs | Comments

TV’s newest hacker drama “Mr. Robot” is technically sound, morally ambiguous

"Mr. Robot," USA Network's new hacker drama series, is good entertainment. But is it also a good depiction of hackers, hacking and infosec?

DDoS Attackers Exploiting ’80s-Era Routing Protocol

Latest wave of DDoS attacks abuses small office-home routers via the 27-year-old, outdated Routing Information Protocol Version 1 (RIPv1).

Android Malware On The Rise

By the end of 2015, researchers expect the number of new Android malware strains to hit 2 million.

[webapps] – D-Link DSP-W w110 v1.05b01 – Multiple Vulnerabilities

D-Link DSP-W w110 v1.05b01 - Multiple Vulnerabilities

[dos] – McAfee SiteAdvisor 3.7.2 (firefox) Use After Free PoC

McAfee SiteAdvisor 3.7.2 (firefox) Use After Free PoC

Researchers expose Dino, espionage malware with a French connection

Security researchers at ESET in Bratislava have published an analysis of another apparently state-sponsored cyber-espionage tool used to target computers in Iran—and potentially elsewhere. The malware, also recently mentioned by Kaspersky researchers, was named "Dino" by its developers and has been described as a "full featured espionage platform." And this advanced persistent threat malware, according to researchers, might as well come with a "fabriqué en France" stamp on it.

Based on analysis of Dino's code from a sample that infected systems in Iran in 2013, "We believe this malicious software has been developed by the Animal Farm espionage group, who also created the infamous Casper, Bunny and Babar malware," ESET's Joan Calvet wrote in a blog post today. The Casper malware was part of a large-scale attack on Syrian computers last fall. "Dino contains interesting technical features, and also a few hints that the developers are French speaking," Calvet noted.

Other members of the "Animal Farm" malware family have been attributed to French intelligence agencies by researchers—including a 2011 analysis by Canada's Communications Security Establishment revealed by documents leaked by former National Security Agency contractor Edward Snowden. Dino shares attributes with the other members of the "Animal Farm" malware family and improves on many of the techniques of "Babar," the previous generation intelligence-gathering software implant.

Read 11 remaining paragraphs | Comments

Zeus and SpyEye crime syndicate taken down by Europol

A European operation coordinated by Europol and Eurojust has dismantled an online crime syndicate thought to have caused €2m of damage with the Zeus and SpyEye banking trojans.

FTC acts against dodgy mobile app that mined Dogecoin behind your back

The app was called "Prized," but it was the app vendor that took the prizes by co-opting your phone into a cryptocurrency mining botnet.

MIT’s Bitcoin-Inspired ‘Enigma’ Lets Computers Mine Encrypted Data

MIT’s Bitcoin-Inspired ‘Enigma’ Lets Computers Mine Encrypted Data

MIT says it's found a new, more efficient way to blend data mining with the privacy protections of encryption.

The post MIT’s Bitcoin-Inspired ‘Enigma’ Lets Computers Mine Encrypted Data appeared first on WIRED.











OPM shuts down background investigation portal because of vulnerability

The Office of Personnel Management has suspended operation of the Electronic Questionnaires for Investigations Processing (E-QIP) system, the web gateway used to submit materials for background investigations. The agency announced the move today, citing the discovery of a vulnerability in the portal during an ongoing review of the agency's security. "As a result, OPM has temporarily taken the E-QIP system offline for security enhancements," an agency spokesperson said in an official statement to press.

The flaw in E-QIP is reportedly not related to the massive breach of the OPM's systems, which may have exposed up to 18 million individuals' personal information. That information includes everything from social security number and date of birth to records of clearance adjudications, proceedings in which officials discuss reasons why an individual's security clearance may have been removed.

In some cases, adjudication data could include information about financial difficulties, sex lives, substance abuse, and other failings that could be used to potentially blackmail a person or otherwise coerce them into potentially giving up classified information.

Read 2 remaining paragraphs | Comments

[webapps] – C2Box 4.0.0(r19171) – CSRF Vulnerability

C2Box 4.0.0(r19171) - CSRF Vulnerability

[webapps] – Polycom RealPresence Resource Manager < 8.4 – Multiple Vulnerabilities

Polycom RealPresence Resource Manager < 8.4 - Multiple Vulnerabilities

[webapps] – WedgeOS <= 4.0.4 – Multiple Vulnerabilities

WedgeOS <= 4.0.4 - Multiple Vulnerabilities

[webapps] – Watchguard XCS <=10.0 – Multiple Vulnerabilities

Watchguard XCS <=10.0 - Multiple Vulnerabilities

[webapps] – Novius 5.0.1 – Multiple Vulnerabilities

Novius 5.0.1 - Multiple Vulnerabilities

Latest Flash hole already exploited to deliver ransomware – update now!

Are you still using Flash in your browser? If so, make sure you've got the latest update from Adobe, even though it only came out last week.

Clever CryptoWall Spreading Via New Attacks

Top ransomware doesn't waste time jumping on the latest Flash zero-day, and hops rides on click fraud campaigns, too.

Two keys to rule them all: Cisco warns of default SSH keys on appliances

Cisco revealed a security vulnerability in a number of the company's network security virtual appliances that could give someone virtually unlimited access to them—default, pre-authorized keys for Secure Shell (SSH) sessions originally intended for "customer support" purposes. As Threatpost's Dennis Fisher reported, Cisco has released software patches that correct the problem, but there's no temporary workaround for systems that can't immediately be patched.

Cisco released an advisory on the vulnerability on June 25. There are two separate SSH key vulnerabilities for the Cisco Web Security Virtual Appliance (WSAv), Cisco Email Security Virtual Appliance (ESAv), and Cisco Security Management Virtual Appliance (SMAv).

The first is that these virtual machines, which run on VMware and KVM virtualization platforms, share a default authorized SSH key for remote login. "IP address connectivity to the management interface on the affected platform is the only requirement for the products to be exposed to this vulnerability," Cisco warned. "No additional configuration is required for this vulnerability to be exploited."

Read 3 remaining paragraphs | Comments

Turns Out the US Launched Its Zero-Day Policy in Feb 2010

Turns Out the US Launched Its Zero-Day Policy in Feb 2010

A newly released document from the FBI sheds a little more light on the government’s controversial policy around the use of zero-day exploits. Though there is still much we don’t know, the question of when the secretive policy was put into place is finally answered: February, 2010. It wasn’t until last year that the government […]

The post Turns Out the US Launched Its Zero-Day Policy in Feb 2010 appeared first on WIRED.









[webapps] – Koha <= 3.20.1 – Multiple XSS and XSRF Vulnerabilities

Koha <= 3.20.1 - Multiple XSS and XSRF Vulnerabilities

First look at the Pwn Pad 3, the latest in mobile security mayhem

Pwnie Express, the company that began as a builder of "drop boxes" for penetration testers and white-hat corporate hackers, has been evolving toward a more full-service security auditing platform vendor over the past few years while continuing to refine its hardware and software in ways that appeal to the corporate security set. Now Pwnie has released the third generation of its flagship mobile penetration testing platform, the Pwn Pad, bringing the Android and Kali Linux-based platform a step further away from the rough-hewn penetration testing tools it began with and into the realm of something with a lot more polish—and performance.

Pwnie Express' Mobile Platform Engineer Tim Mossey and Director of Research and Development Rick Farina recently gave Ars a walk-through of the Pwn Pad 3, which has just begun shipping out to pre-order customers. We expect to do a full review of the Pwn Pad 3 soon but wanted to get an early look at what to expect. The biggest visible change is the hardware itself, as Pwnie has left the relative comfort zone of Google's reference platform Nexus tablets and moved to the more powerful Nvidia Shield. But there are some changes behind the scenes as well that make the Pwn Pad 3 act more like an actual flagship commercial product and less like something way off the corporate reservation.

Full disclosure is in order here—Ars bought hardware from Pwnie Express to support our own security testing lab, and we enlisted help from Pwnie Chief Technology Officer Dave Porcello for our joint project with National Public Radio last year. So we've had a bit of experience with Pwnie's platform in many of its incarnations. We've also worked with a number of open source penetration tools, including the Kali Linux-based NetHunter platform for Android.

Read 8 remaining paragraphs | Comments

Stealthy Fobber Malware Takes Anti-Analysis To New Heights

5 Things You Probably Missed In The Verizon DBIR

A look at a few of the lesser-noticed but meaty nuggets in the annual Verizon Data Breach Investigations Report (DBIR).