Friday, July 31, 2015

Fresh Attack Vectors Found for Stagefright Android Flaw

In addition to MMS, devices can be infected using malicious video files that auto-play when opening a website, or via malicious apps or MP4 files.

from http://ift.tt/1IejGnr

IC3 Issues Alert on DDoS Extortion Campaigns

Original release date: July 31, 2015

The Internet Crime Complaint Center (IC3) has issued an alert to U.S. businesses about a rise in extortion campaigns. In a typical incident, a business receives an e-mail threatening a Distributed Denial of Service (DDoS) attack to its website unless it pays a ransom. Businesses are warned against communicating directly with attackers and advised to use DDoS mitigation techniques instead.

Users and administrators are encouraged to review the IC3 Alert for details and US-CERT Security Tip ST04-015 for more information on DDoS attacks.






from US-CERT: The United States Computer Emergency Readiness Team http://ift.tt/1KFisaG

Sophos Reports $113.3Mn in Revenue for FY Q1

In its first earnings report since becoming a public company, Sophos Group said that its adjusted revenue grew 24.7% year over year in the latest quarter.

from http://ift.tt/1M24Lmq

1.5Mn Affected In Medical Information Engineering Hack

Several healthcare providers were affected by the attack, including local companies and national outlets, and the federal government.

from http://ift.tt/1LVo8w3

How blockchain is likely to transform IT and business

The technology underpinning the well-known cryptocurrency, Bitcoin, is really the star of the show. Here's why Blockchain will almost certainly lead to a digital transparency and trust revolution near you.










from Latest topics for ZDNet in Security http://ift.tt/1MCzqXv

Federal Court's data breach decision shows new tilt toward victims, class-action lawsuits

Federal courts beginning to recognize possibility of on-going harm to those who lose financial, personal data in a breach










from Latest topics for ZDNet in Security http://ift.tt/1KGaSKa

U.S. District Judge rules mobile-phone tracking does require a warrant

It's a tug of war for cell-phone privacy as U.S. District Judge Lucy Koh rules mobile-phone tracking does require a warrant.










from Latest topics for ZDNet in Security http://ift.tt/1MCzqH8

Your Files Are Encrypted with a “Windows 10 Upgrade”

This post was authored by Nick Biasini with contributions from Craig Williams & Alex Chiu.

Adversaries are always trying to take advantage of current events to lure users into executing their malicious payload. These campaigns are usually focussed around social events and are seen on a constant basis. Today, Talos discovered a spam campaign that was taking advantage of a different type of current event. Microsoft released Windows 10 earlier this week (July 29) and it will be available as a free upgrade to users who are [...]

from Cisco Blog » Security http://ift.tt/1I7N9S6

Bugtraq: phpFileManager 0.9.8 Remote Command Execution

phpFileManager 0.9.8 Remote Command Execution

from SecurityFocus Vulnerabilities http://ift.tt/1UcK34B

This Week in Security News

7.30.15

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!

 

The Show Goes On—More “Stagefright” Horrors with Auto-Play Videos

Our researchers have now disclosed additional details about one of the vulnerabilities (CVE-2015-3824) in the so-called “Stagefright” cluster affecting Android users. The “Stagefright” vulnerability is actually a marketing label for a cluster of seven individual vulnerabilities.

Today’s Russian Underground has Automized Infrastructure and Sophisticated Tools

Our research paper offers a look into a mature ecosystem with an increasingly professional underground infrastructure for the sale and trade of malicious goods and services. It also discusses the growing competition, process automation, the introduction of new attack avenues, and its community’s underground activities.

Compromised TV and Government-Related Sites Lead to PoisonIvy

A recent campaign compromised Taiwan and Hong Kong sites to deliver Flash exploits related to Hacking Team and eventually download PoisonIvy and other payloads in user systems. This campaign started on July 9, a few days after the Hacking Team announced it was hacked.

We Discovered a Vulnerability That Renders Android Devices Silent

We have discovered a vulnerability in Android that can render a phone apparently dead – silent, unable to make calls, with a lifeless screen. This vulnerability is present from Android 4.3 (Jelly Bean) up to the current version, Android 5.1.1 (Lollipop).

Windows 10’s New Browser Microsoft Edge is Improved, but also Brings New Risks

Last week we discussed how Microsoft Edge, the new browser in Windows 10, represented a significant increase in the security over Internet Explorer. However, there are also new potential threat vectors that aren’t present in older versions.

The Government is Headed Back to the Drawing Board over Controversial Cybersecurity Export Rules

The cybersecurity industry and the government have been struggling over proposed export rules that researchers say could end up making the Internet less safe. And now the government says it will try again and give the public another chance to weigh in.

Know the 4 Takeaways from Ponemon’s 2015 Healthcare Security Report

A shockingly high 91% of respondents reported falling victim to at least one data breach in the last 2 years. The majority of respondents had suffered 11 or more incidents. Healthcare IT teams understand that these percentages are unacceptable, but until now have largely failed to effectively mitigate data breach threats.

The FBI is Facing Challenges with its Cybersecurity Program

A government watchdog has discovered several roadblocks preventing the FBI from fully implementing a cybersecurity initiative aimed at thwarting threats to the United States. 

Cybersecurity Worries Among Executives Have Risen Sharply, According to New Survey

Of the executives surveyed from U.S. companies, law enforcement, government agencies, other organizations and other security experts, 75% said they were more concerned about cybersecurity threats this year than in the past 12 months.

Cybersecurity Research Institute Receives $1.73B in DOD Funding

The Defense Department announced Monday that it has renewed its contract with the Software Engineering Institute at Carnegie Mellon University, a federally funded research and development center chartered to study cybersecurity and software engineering.

Please add your thoughts in the comments below or follow me on Twitter; @GavinDonovan.



from Trend Micro Simply Security http://ift.tt/1MXI6oC
via IFTTT

Changing the Way We Deliver Vulnerability and Threat Intelligence

We are making some changes to the way Cisco Security provides and shares vulnerability and threat intelligence to make it more consumable by our customers and the security community. The Cisco Security IntelliShield Service has been successfully delivering multi-vendor security intelligence to our customers for 15 years. During this time, the security intelligence market has continued to evolve to more integrated and automated solutions. Similarly, the Cisco Security strategy has evolved to add machine-readable security content. We have seen an [...]

from Cisco Blog » Security http://ift.tt/1eGo2uT

Windows 10 Wi-Fi Sense Explained: Actual Security Threat You Need to Know

Just one day after Microsoft released its new operating system, over 14 million Windows users upgraded their PCs to Windows 10. Of course, if you are one of the millions, you should be aware of Windows 10's Wi-Fi Sense feature that lets your friends automatically connect to your wireless network without providing the Wi-Fi password. Smells like a horrible security risk! It even triggered


from The Hacker News http://ift.tt/1JVFHYn

Revealing Widespread Gas Station Cyber Attacks at Black Hat


At Trend Micro it’s always been our job to work out where the next threat is coming from, so we can offer the best protection possible to our customers. Sometimes people listen to us at shows and say: “Seriously? That’s never happened to us.” But that’s the point. It hasn’t … yet. Who would have thought gas pump monitoring systems in the US were a target for hackers?

The truth is they are, and at Black Hat next week we’ll tell you exactly how and why.

Times have changed

We’re no longer faced with bedroom-bound enthusiasts releasing potent but relatively innocuous viruses into the wild. Today’s threat landscape is about highly motivated, well resourced, agile and covert cybercriminals – many of whom know exactly how to stay hidden long enough to exfiltrate your most sensitive corporate data. It’s also about nation state actors on the prowl for anything which is economically or geopolitically advantageous. And it’s about hacktivists – many of whom hail from within our borders – who want to make a moral point by attacking organizations and exposing sensitive data to the public.

What this means practically speaking is that virtually every organization is a potential target. Whether you’re a government agency harboring state secrets, a business with credit card data sitting in your servers, or an organization that has somehow offended the hacktivist community.

Gas pumps exposed

Trend Micro’s senior threat researcher, Kyle Wilhoit, along with Stephen Hilt, first discovered an attack on the Guardian AST Monitoring System for internet-facing gas pumps earlier this year. On that occasion the attackers merely changed the name of a pump from “DIESEL” to “WE_ARE_LEGION” – the tag line for hacktivist collective Anonymous.

Now, that attack was pretty innocuous. But given that these systems typically monitor inventory, pump levels, and other key aspects of gas pumping systems, the potential is there for severe disruption of services. Empty tank values could be altered to display as full, leading to gas stations with no fuel. Kyle found more than 1,500 internet-facing pumps lacking adequate security to keep the bad guys out.

Read more here about Kyle’s presentation at Black Hat next week.

See you at Black Hat

The problem the good guys have is being able to share threat intelligence quickly enough and with the right people to make a difference. Trend Micro is fortunate in having great relationships with law enforcement agencies around the globe. But conferences like Black Hat are also a vital platform. They let us share intelligence and research that help us expand our parameters and come together as a community in a way that proves we’re greater than the sum of our parts.

That’s why Trend Micro is delighted to be presenting our research on attacks against gas tank monitoring systems at the show. Our very own Kyle Wilhoit and Stephen Hilt will be presenting their ground-breaking research on 5 August in the Jasmine Ballroom at 4.20pm: The Little Pump Gauge That Could: Attacks Against Gas Pump Monitoring Systems. And we’ll also be releasing a new free tool, Gaspot, to enable researchers and operators to set up their own virtual monitoring systems to track attempted attacks.

That’s not all. Senior malware scientist Sean Park will be discussing evasion techniques used against financial institutions in his not-to-be-missed talk at 11.30pm in Mandalay Bay GH: Winning the Online Banking War.

But we’re also looking forward to a fascinating few days of presentations on everything from mPOS flaws to targeted takedowns; and cloning 4G SIMs to IoT attacks.

The bad guys are pretty good at sharing intelligence, so let’s make sure we are too. See you in Vegas on August 5.



from Trend Micro Simply Security http://ift.tt/1LURJWq

Tor connection vulnerability uncloaks hidden web services

Can "circuit fingerprinting" reveal the true location of Tor websites and services?










from Latest topics for ZDNet in Security http://ift.tt/1MXoS2c

Zero Day Weekly: Wassenaar backpedaling, rifle hacking, Stagefright, Wi-Fi Sense hysteria

Notable security news items for the week ending July 31, 2015. Covers enterprise, controversies, application and mobile security, malware, reports and more.










from Latest topics for ZDNet in Security http://ift.tt/1MXoS2a

IBM Security Bulletin: Vulnerability in IBM Java SDK Version 7.0 Service Refresh 8 Fix Pack 10 affects Host On-Demand (CVE-2015-2590)

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7.0 Service Refresh 8 Fix Pack 10 that is used by Host On-Demand. These issues were disclosed as part of the IBM Java SDK updates in July 2015. ...

from IBM Product Security Incident Response Team http://ift.tt/1Iu93fv

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM® Java Runtime, affect IBM Endpoint Manager for Remote Control and Tivoli Endpoint Manager for Remote Control

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 Service Refresh 1 and Version 6 Service Refresh 16 Fix Pack 4, and IBM® Runtime Java™ Technology Edition, Version 8 Service Refresh 1 and earlier that is...

from IBM Product Security Incident Response Team http://ift.tt/1Iu98Qc

IBM Security Bulletin: PowerKVM is affected by two Qemu vulnerabilities

PowerKVM is affected by two Qemu vulnerabilities. CVE(s): CVE-2015-3214 and CVE-2015-4037. Affected product(s) and affected version(s): PowerKVM 2.1. Refer to the following...

from IBM Product Security Incident Response Team http://ift.tt/1Iu93fn

IBM Security Bulletin: PowerKVM is affected by Linux Kernel vulnerabilities (multiple CVEs)

PowerKVM is affected by several Linux Kernel vulnerabilities (multiple CVEs). CVE(s): CVE-2015-2041, CVE-2015-2042, CVE-2015-3339, CVE-2015-2922, CVE-2014-9710, CVE-2015-3332, ...

from IBM Product Security Incident Response Team http://ift.tt/1SnKI5U

IBM Security Bulletin: PowerKVM is affected by cups vulnerabilities (multiple CVEs)

PowerKVM is affected by cups vulnerabilities (multiple CVEs). CVE(s): CVE-2014-9679, CVE-2015-1158 and CVE-2015-1159. Affected product(s) and affected version(s): PowerKVM 2.1 ...

from IBM Product Security Incident Response Team http://ift.tt/1SnKGec

IBM Security Bulletin: An unspecified vulnerability could cause a denial of service for WebSphere DataPower XC10 Appliance Version 2.5 (CVE-2015-4936)

A vulnerability in the WebSphere DataPower XC10 Appliance Version 2.5 could cause a denial of service. CVE(s): CVE-2015-4936. Affected product(s) and affected version(s): WebSphere DataPower XC10 Appliance...

from IBM Product Security Incident Response Team http://ift.tt/1Iu98Q4

IBM Security Bulletin: An unspecified vulnerability could cause a denial of service for WebSphere eXtreme Scale 8.6 (CVE-2015-4936)

An unspecified vulnerability in WebSphere eXtreme Scale 8.6 can cause a denial of service. CVE(s): CVE-2015-4936. Affected product(s) and affected version(s): WebSphere eXtreme Scale 8.6 ...

from IBM Product Security Incident Response Team http://ift.tt/1Iu92YZ

IBM Security Bulletin: PowerKVM is affected by OpenSSL vulnerabilities (multiple CVEs)

PowerKVM is affected by OpenSSL vulnerabilities (multiple CVEs). CVE(s): CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792 and CVE-2014-8176. Affected...

from IBM Product Security Incident Response Team http://ift.tt/1SnKHPn

IBM Security Bulletin: Vulnerabilities in Open SSL affect Power Hardware Management Console (CVE-2015-4000)

OpenSSL is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs. CVE(s): CVE-2015-4000. Affected product(s) and affected version(s): Power HMC V7.7.3.0, Power HMC V7.7.8.0...

from IBM Product Security Incident Response Team http://ift.tt/1Iu95Uw

IBM Security Bulletin: Vulnerability with Diffie-Hellman ciphers may affect IBM Infosphere BigInsights (CVE-2015-4000)

The Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol affects IBM Infosphere BigInsights. CVE(s): CVE-2015-4000. Affected product(s) and affected version(s): IBM...

from IBM Product Security Incident Response Team http://ift.tt/1M1iKcb

IBM Security Bulletin: WebSphere DataPower XC10 Appliance does not provide a means of overwriting the SSD when an appliance is to be discarded (CVE-2015-1970)

When the WebSphere DataPower XC10 Appliance is used, sometimes potentially sensitive data is written to the SSD card. When the box is discarded or redispositioned, a malicious person might gain access to this card, remove it from the appliance, and access the...

from IBM Product Security Incident Response Team http://ift.tt/1OF4VOj

IBM Security Bulletin: Vulnerabilities in glibc affect Power Hardware Management Console (CVE-2015-1781)

glibc is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs. CVE(s): CVE-2015-1781. Affected product(s) and affected version(s): Power HMC V8.1.0.0, Power HMC...

from IBM Product Security Incident Response Team http://ift.tt/1OF4VOg

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Identity Governance Appliance

There are multiple vulnerabilities in IBM SDK Java™ Technology Edition, Version 7 that is used by IBM Security Identity Governance Appliance. These issues were disclosed as part of the IBM Java SDK updates in April 2015. CVE(s):...

from IBM Product Security Incident Response Team http://ift.tt/1OF4Ud6

IBM Security Bulletin: IBM QRadar SIEM can be affected by Multiple Vulnerabilities in the IBM Java Runtime Environment. (CVE-2015-0478, CVE-2015-0488, CVE-2015-1916, CVE-2015-2613, CVE-2015-2601, CVE-2015-4749, CVE-2015-2625, CVE-2015-1931)

Several previously released versions of IBM QRadar SIEM, and IBM QRadar Incident Forensics are affected by multiple vulnerabilities reported in the IBM SDK Java Technology Edition Version 6 and 7. CVE(s): CVE-2015-0478, ...

from IBM Product Security Incident Response Team http://ift.tt/1M1iM3Y

IBM Security Bulletin: Vulnerabilities in Java affect Power Hardware Management Console (CVE-2015-0480, CVE-2015-0486, CVE-2015-0488, CVE-2015-0478, CVE-2015-0477, CVE-2015-1916)

Java is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs. CVE(s): CVE-2015-0480, CVE-2015-0486, CVE-2015-0488, CVE-2015-0478, CVE-2015-0477 and ...

from IBM Product Security Incident Response Team http://ift.tt/1M1iM3U

Bugtraq: HP ArcSight Logger provides incorrect/invalid/incomplete results for queries with boolean operators

HP ArcSight Logger provides incorrect/invalid/incomplete results for queries with boolean operators

from SecurityFocus Vulnerabilities http://ift.tt/1IxFa2h

The Show Goes On—More “Stagefright” Horrors with Auto-Play Videos


Trend Micro researchers are now disclosing additional details about one of the vulnerabilities (CVE-2015-3824) in the so-called “Stagefright” cluster affecting Android users.

The “Stagefright” vulnerability is actually a marketing label for a cluster of seven individual vulnerabilities. One of the vulnerabilities in this cluster, CVE-2015-3824, was independently discovered by Trend Micro’s research team at the same time as other security researchers. This is actually a common occurrence in vulnerability research. For instance, we and other researchers found, and were credited for, the vulnerability that Microsoft recently fixed out-of-band with MS15-078.

Like others in the industry, our research team found the multimedia message system (MMS) attack vector for this vulnerability. However, they also found two additional vectors that can be used to successfully exploit it. After discussions with Google, we can now disclose what we’ve found.

The first additional attack vector is delivered via malicious video files on a website. This is nearly as dangerous as the MMS attack, since many videos now auto-play, especially on mobile devices. This vulnerability also enables attackers to bypass the disabling of auto-play videos in Chrome. This means an attacker would only need to convince a user to visit a posted video, enabling complete control of the device after it’s played.

The second attack is made possible through malicious apps or MP4 files designed to exploit the vulnerability. Once a user downloads and runs it, the attacker would have full control over the device.

The recommendation to disable MMS will NOT protect against these two new attack vectors. However, it is still effective against one of the three attack vectors, and is a good idea generally if that feature is unused.

While there are no known mitigations for web-based video attack vectors, web reputation services like Trend Micro’s Web Reputation Services can help protect against known malicious sites. To help protect against malicious apps or MP4 files, be cautious about downloads. As malicious apps are discovered, mobile security solutions like Trend Micro Mobile Security can provide protection.

The best solution, of course, is to apply updates that fix the vulnerability. Unless you have a Nexus phone, you will get security fixes from your carrier, or the maker of your device.

Unfortunately, many of the 89 percent of Android users at risk will never be able to fix this vulnerability due to the age of their devices or their carriers and/or handset makers not making fixes available. These users are running “unpatchable Android” and can only fully protect themselves by getting a new device.

You can get more technical details on this at the Security Intelligence blog posting here.

Our research teams are monitoring this situation carefully and we will update you with any new information.

Please add your thoughts in the comments below or follow me on Twitter; @ChristopherBudd.



from Trend Micro Simply Security http://ift.tt/1IOs9mK

Bugtraq: [SECURITY] [DSA 3321-1] xmltooling security update

[SECURITY] [DSA 3321-1] xmltooling security update

from SecurityFocus Vulnerabilities http://ift.tt/1JAhwCW

Most Vulnerable Smart Cities to Cyber Attack on Internet of Things (IoT)

Imagine… You drive to work in your Smart-Car connected to the GPS automatically, but a hacker breaks into your car's network, takes control of the steering wheel, crashes you into a tree, and BOOM! Believe it or not, such Cyber Attacks on smart devices are becoming Reality. Car Hacking was recently demonstrated by a pair of security researchers who controlled a Jeep Cherokee


from The Hacker News http://ift.tt/1M15OTQ

SANS Announces Recruitment Fair for Top Infosec Candidates

Institute will train up 40 applicants ready to step into a job

from http://ift.tt/1JAetKY

Negligent Employees Cost Firms $1.5m – Report

Raytheon claims IT staff spend three hours each day dealing with incidents

from http://ift.tt/1DV9oH3

Blackphone 2 Boosts Enterprise Credentials with Android for Work Support

Latest version of secure smartphone will be available in September

from http://ift.tt/1My4s1Q

Personal Devices and Corporate Secrets: Only 11% of People Worry about Keeping Work Files Safe on Mobile Devices, Kaspersky Lab Survey Shows

According to a survey conducted by Kaspersky Lab in conjunction with B2B International, around half of the consumers surveyed also use their devices for work. However, only one in 10 is seriously concerned about keeping work information safe should cybercriminals gain access to their device

from http://ift.tt/1gsCDvV

Thursday, July 30, 2015

Should we let cyber espionage victims hack back?

Some private-sector victims of cyber espionage sound like they want to go all Blackwater on the internet. What could possibly go wrong?










from Latest topics for ZDNet in Security http://ift.tt/1LUfRbv

Mega denies claims by Kim Dotcom of NZ government control of company

Encrypted cloud storage service Mega has hit back at claims by Kim Dotcom that it is in the hands of a wanted Chinese investor whose shares have been seized by the New Zealand government.










from Latest topics for ZDNet in Security http://ift.tt/1OS5DIA

USN-2701-1: Linux kernel (Trusty HWE) vulnerabilities

Ubuntu Security Notice USN-2701-1

30th July, 2015

linux-lts-trusty vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

  • linux-lts-trusty - Linux hardware enablement kernel from Trusty

Details

Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested
NMIs (non-maskable interrupts). An unprivileged local user could exploit
this flaw to cause a denial of service (system crash) or potentially
escalate their privileges. (CVE-2015-3290)

Andy Lutomirski discovered a flaw that allows a user to cause the Linux
kernel to ignore some NMIs (non-maskable interrupts). A local unprivileged
user could exploit this flaw to potentially cause the system to miss
important NMIs resulting in unspecified effects. (CVE-2015-3291)

Andy Lutomirski and Petr Matousek discovered that an NMI (non-maskable
interrupt) that interrupts userspace and encounters an IRET fault is
incorrectly handled by the Linux kernel. An unprivileged local user could
exploit this flaw to cause a denial of service (kernel OOPs), corruption,
or potentially escalate privileges on the system. (CVE-2015-5157)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:
linux-image-3.13.0-61-generic 3.13.0-61.100~precise1
linux-image-3.13.0-61-generic-lpae 3.13.0-61.100~precise1

To update your system, please follow these instructions: http://ift.tt/17VXqjU.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2015-3290, CVE-2015-3291, CVE-2015-5157



from Ubuntu Security Notices http://ift.tt/1DU8yub

USN-2700-1: Linux kernel vulnerabilities

Ubuntu Security Notice USN-2700-1

30th July, 2015

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

  • linux - Linux kernel

Details

Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested
NMIs (non-maskable interrupts). An unprivileged local user could exploit
this flaw to cause a denial of service (system crash) or potentially
escalate their privileges. (CVE-2015-3290)

Andy Lutomirski discovered a flaw that allows a user to cause the Linux
kernel to ignore some NMIs (non-maskable interrupts). A local unprivileged
user could exploit this flaw to potentially cause the system to miss
important NMIs resulting in unspecified effects. (CVE-2015-3291)

Andy Lutomirski and Petr Matousek discovered that an NMI (non-maskable
interrupt) that interrupts userspace and encounters an IRET fault is
incorrectly handled by the Linux kernel. An unprivileged local user could
exploit this flaw to cause a denial of service (kernel OOPs), corruption,
or potentially escalate privileges on the system. (CVE-2015-5157)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 14.04 LTS:
linux-image-3.13.0-61-generic-lpae 3.13.0-61.100
linux-image-3.13.0-61-lowlatency 3.13.0-61.100
linux-image-3.13.0-61-powerpc-e500mc 3.13.0-61.100
linux-image-3.13.0-61-powerpc64-emb 3.13.0-61.100
linux-image-3.13.0-61-powerpc64-smp 3.13.0-61.100
linux-image-3.13.0-61-powerpc-e500 3.13.0-61.100
linux-image-3.13.0-61-generic 3.13.0-61.100
linux-image-3.13.0-61-powerpc-smp 3.13.0-61.100

To update your system, please follow these instructions: http://ift.tt/17VXqjU.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2015-3290, CVE-2015-3291, CVE-2015-5157



from Ubuntu Security Notices http://ift.tt/1DU8zye

Rackspace to host cloud security sharing centre

The Cloud Security Alliance wants the big names in the cloud industry to join forces to tackle security threats in the cloud space that would see providers sharing information before an attack hits another firm.










from Latest topics for ZDNet in Security http://ift.tt/1Its4OU