
HTTB Morning Ed. Direct Distributions (V2)


Dorifel Malware Encrypts Files, Steals Financial Data, May Be Related to Zeus or Citadel. SANS @Risk Consensus Security Alert Newsletter Week 32, 2012 | Qualys, Inc. Nepalese Government Sites Hacked, Serving Zegost Malware. Encyclopedia entry: Exploit:Java/CVE-2012-0507.OO - Learn more about malware - Microsoft Malware Protection Center. Openconstructor CMS 3.12.0 Cross Site Scripting. ###Title###: Openconstructor CMS 3.12.0 'createobject.php', 'name' and 'description' parameters Stored Cross-site Scripting vulnerabilities ###Affected Software###: ###Description###: Openconstructor (formerly known as eSector Solutions Web Constructor) is an open source web Content Management System written in PHP. Stored XSS vulnerabilities exist in the 'name' and 'description' parameters, which are used as properties when creating a new object.

Version 3.12.0 is vulnerable; previous versions may be affected, but they have not been tested. ###Impact###: Authenticated attackers can plant malicious JavaScript in the web application, with the aim of executing it in other users' browsers. CVSS Base Score: 4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N) ###Credits###: Lorenzo Cantoni (lorenzo[dot]cantoni86[at]gmail[dot]com) Zero Day Vulnerability in timthumb script - Announcements Discussions on Arras Community Forums.

Attackers Go Phishing for Payroll Workers With Java CVE-2012-1723 Exploit. Strategies For Protecting Web-Facing Databases. FIDO Alliance technology will allow enterprises to replace passwords with plug-and-play multifactor authentication. By Phil Dunkelberger, President & CEO, Nok Nok Labs, 3/26/2014. News: Hackers interrupt and deface sites of black-market forums selling credit card data stolen from Target and other retailers. By Mathew J. Schwartz, 3/18/2014. Breaches create outliers. Commentary: Is "browser-ized" security a better defense against hackers than traditional methods? Proponents say the new specifications will pave the way for the replacement of passwords, which are frequently lost, stolen, or hacked. By Tim Wilson, Editor in Chief, Dark Reading, 2/18/2014. Report suggests malware-laced email attack on Target's HVAC subcontractor leaked access credentials for the retailer's network. By Mathew J. More Stories.

Blizzard passwords could be theoretically reverse engineered. Blizzard Entertainment may not yet be in the clear of its latest breach, with the attackers potentially having enough information to reverse engineer weakly constructed passwords. As Jeremy Spilman pointed out on his blog, the information stolen from Blizzard is likely to be the server-side database used as part of the Secure Remote Password (SRP) protocol. If Blizzard's implementation of SRP is standard, its stolen SRP database contains the username and salts for each account and their hashed password verifiers. In his post, Spilman drew on a previous paper, written by the widely accepted father of SRP, Thomas Wu, who stated that if certain information were known — such as the password verifiers that were stolen from Blizzard — an attacker would be able to perform a dictionary attack.

Blizzard has also been criticised by the SANS Institute's Internet Storm Centre for not addressing the issue of resetting security questions. Google, Salesforce were allegedly offered 'TrapWire' spy tool. Now approaching its 10th day of a distributed denial-of-service (DDoS) attack, WikiLeaks has released information about a video-surveillance program that is possibly being used by the US government and large organisations, such as Salesforce and Google. The program, called TrapWire, was developed by US-based Abraxas Corporation, which is alleged to be staffed by many former US Central Intelligence Agency (CIA) agents.

TrapWire is meant to identify terrorists who approach a facility multiple times as they conduct their surveillance. According to Abraxas' documentation on TrapWire, it is able to correlate video surveillance with other data, such as watch lists. It can, for example, identify suspected terrorists using facial recognition, or stolen vehicles by reading number plates, and then correlate this information with other event data that it already holds. "Our consideration is introducing them to companies like Walmart, Dell and other[s]," he wrote. Juniper Networks banking on India rebound. India's telecommunications industry has been through tough times with steep competition and regulatory complications and uncertainty, but it will emerge from these challenges to recover, and companies such as Juniper Networks are poised to benefit from the upturn.

Douglas Murray, senior vice president for Asia-Pacific at Juniper Networks, told ZDNet Asia in a recent interview that 2012 has been a particularly difficult year for India-based telcos because of steep industry competition and policy complications from the revoking of existing 2G spectrum licenses earlier in February. These were key reasons why there was a drop in the networking equipment maker's Asia-Pacific revenue in the second quarter, which slid 12 percent year-on-year. This dragged the wider group revenue down by 4 percent to US$1.07 billion for the three months ended June, Murray stated. "The enterprise segment was fine, but for service providers, demand slowed down in 2012.

FTC accuses Facebook of misleading developers over security. An investigation by the U.S. Federal Trade Commission (FTC) has suggested that the social networking site fell short in reviewing and verifying applications, and therefore "deceived" developers over security ratings. When developers submitted an application to the now-closed verified apps scheme, the social networking site was reportedly paid up to $95,000 to give software green 'ticks' of approval. In return, individual applications were given a "test for trustworthy user experiences" by Facebook. However, an in-depth investigation into Facebook's practices, conducted by Commissioners Jon Leibowitz, J.

Thomas Rosch, Edith Ramirez and Julie Brill, has found that the social networking giant did not take the steps to review applications that it promoted. According to the FTC's report, under the title "Facebook's deceptive verified apps program", the program which ran from approximately May 2009 to December 2009 awarded 254 applications a green 'verified' badge. Bitdefender releases tool for removing Gauss financial malware. The security firm Bitdefender has released a clean-up tool for those who think their PCs might be infected with the Gauss malware. Gauss, which was outed by Kaspersky last week, is financial espionage malware that bears some resemblance to the Flame trojan, discovered back in May. Gauss can steal login credentials and cookies, and targets e-banking, social network and email accounts. Like Kaspersky, Bitdefender is of the opinion that Gauss is a "state-sponsored cyber-weapon", of the same ilk as Flame and Stuxnet.

"This prompts us about the fact that cyber-warfare is moving into the financial sector: tracing the origins and destination of money, and who is funding what operations," Bitdefender chief security researcher Catalin Cosoi said in a statement. Stuxnet is widely believed to have been created by the US and Israel. Two years ago it was used to sabotage Iranian nuclear facilities. Israel tests missile attack warning system via SMS. The Israel Defense Force (IDF) Home Front Command commenced a week-long test of an alert system which sends a text message to mobile phones located in areas likely to be hit by missile strikes. The "personal message" system which commenced on Sunday was developed in the past few years and is expected to be operational within a month, Xinhua news site reported Sunday. It will send area-specific warnings, based on projections of incoming trajectory of unguided rockets or ballistic missiles and aims to offer more specific guidelines to residents than existing air raid sirens.

As part of the drill, messages will be delivered to several geographic areas, reading "The Home Front Command, checking cellular system", followed by a serial number, and will be sent in Hebrew, Arabic, Russian and English. This comes on the heels of a possible Israeli attack on Iran to stop its nuclear program, which has spurred public concern about how to prepare on the home front. Media sites brace for hacktivist attacks. Traditional news companies and other websites covering this year's presidential election are preparing for a flood of web traffic over the coming months, and not just from political junkies.

Politically motivated hacktivist attacks have become a top concern among companies providing election coverage online. Bill Wheaton, senior vice president and general manager of Akamai's media division, says the 2012 election could generate roughly four to five times as much web traffic as it did in 2008. At peak hours, he estimates that as many as 4 million people could be streaming coverage of the election simultaneously, as a result of the increase in devices and social networks facilitating access to streamed content. "They're looking out for all sorts of hackers," Wheaton says.

While origin unclear, Gauss indicates malware tool boom. The computer security firm Kaspersky Lab announced this week that it had found a new cyber surveillance virus in the Middle East that is a descendant of the Stuxnet, Flame and Duqu malware. But they are not calling it "Son of Stuxnet." Stuxnet is the computer worm widely believed to have been used by the U.S. and Israel to attack Iran's nuclear centrifuges. Dennis Fisher, writing on the Kaspersky blog Threatpost, said the new malware, discovered in June, had been named Gauss, after the German mathematician Carl Friedrich Gauss. "Gauss contains some of the same code as Flame," Fisher wrote. "But is markedly different in a number of respects, specifically in its ability to steal online banking credentials and has an encrypted payload that experts haven't yet been able to crack." By Friday, both Kaspersky and the Laboratory of Cryptography and System Security (CrySys) at the Budapest University of Technology and Economics had published Gauss detection tools.

"It can be for espionage.