ISC StormCast for Friday, October 31st 2014

By Johannes Ullrich #NCSAM: False positives from Management; Sandworm going after Swiss Banks; Graphic Card Turned into Data Leakage Radio; More Tools to Cash out your Stolen CCs
NCSAM: False positives from Management
https://isc.sans.edu/forums/diary/CSAM+Month+of+False+Postives+-+False+Positives+from+Management/18901
Sandworm Vulnerability Used in Banking Trojan
https://www.csis.dk/en/csis/blog/4498
Graphics Card Used as Radio to Leak Data
http://cyber.bgu.ac.il/content/how-leak-sensitive-data-isolated-computer-air-gap-near-mobile-phone-airhopper
Advanced Fraud Platform Advertised to Cash Out Stolen Credit Cards
http://satoshibox.com/53fb31144c347beb4b0083a0?paid#

ISC StormCast for Thursday, October 30th 2014

By Johannes Ullrich #Drupal: you are pw0n3d; MSFT readies for post SSLv3 world; #CurrentC beta leaks data; ftp command line client command exec
Drupal warns users of possibly compromised sites
https://www.drupal.org/PSA-2014-003
Microsoft Releases Fix It to disable SSLv3
https://support.microsoft.com/kb/3009008
CurrentC Beta User’s Info Exposed
http://www.imore.com/depth-look-currentc-and-personal-data-they-want-collect
GMail used by malware for command and control
http://www.wired.com/2014/10/hackers-using-gmail-drafts-update-malware-steal-data/
OS X 10.10 ftp remote command exec
http://cxsecurity.com/issue/WLB-2014100174

ISC StormCast for Wednesday, October 29th 2014

By Johannes Ullrich #wget vulnerable; and your #Cisco ASA; detect persistent software on OS X; #Yosemite leaking even more to the cloud.
wget Vulnerability
https://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-access
Cisco ASA Vulnerabilities
https://ruxcon.org.au/assets/2014/slides/Breaking%20Bricks%20Ruxcon%202014.pdf
Open source script to detect auto-start processes on OS X
https://github.com/synack/knockknock
Unsaved “recovery” documents saved to iCloud in OS X Yosemite
https://datavibe.net/~sneak/20141023/wtf-icloud/

ISC StormCast for Tuesday, October 28th 2014

By Johannes Ullrich #VZW tagging users for advertisers; Android ransomware via SMS; strings: your favorite vuln. tool; Al Quaida SSID grounds flight.
Verizon Injects Header in HTTP Traffic to Allow Advertisers to Identify Users
http://www.verizonwireless.com/support/faqs/AccountManagement/mobile_ads.html
New Android Ransomware Spreads via SMS
http://research.zscaler.com/2014/10/android-ransomware-koler-learns-to.html
Arbitrary Code Execution Vulnerability in “strings”
http://lcamtuf.blogspot.com/2014/10/psa-dont-run-strings-on-untrusted-files.html
“Al Quaida” SSID causes flight delay
http://abc7.com/news/lax-flight-delayed-after-wifi-hotspot-name-prompts-concerns/367110/

ISC StormCast for Monday, October 27th 2014

By Johannes Ullrich #Shellshock botnet via SMTP; Find Vulnerabilities with #masscan and #nmap; #tor exit node modifies binaries; Vulnerable Home Automation; #samsung #knox response
Shellshock Exploit used against mail servers
https://isc.sans.edu/forums/diary/Shellshock+via+SMTP/18879
Scanning For Specific Vulnerabilities
https://isc.sans.edu/forums/diary/Scanning+for+Single+Critical+Vulnerabilities/18881
Tor Exit Node “patches” Binary Downloads
http://www.leviathansecurity.com/blog/the-case-of-the-modified-binaries/
MiCasaVerde / Vera Home Automation Gateway Security Review (and fail)
http://www.xipiter.com/musings/the-insecurity-of-things-part-two
Samsung Responds to claims about Knox Insecurity
http://www.theregister.co.uk/2014/10/26/samsung_denies_knox_security_vuln_allegations/

ISC StormCast for Friday, October 24th 2014

By Johannes Ullrich VMWare Patches; NIST Hypervisor Deployment Advice; Adobe eReader Now Spying over SSL; Samsung KNOX not that secure; Cryptowall
VMware Updates
http://www.vmware.com/security/advisories/VMSA-2014-0011.html
NIST Publication 800-125A : Deploying Hypervisors
http://csrc.nist.gov/publications/drafts/800-125a/sp800-125a_draft.pdf
Adobe eReader now using SSL to phone home
http://www.theregister.co.uk/2014/10/23/adobe_updates_digital_editions_encryption/
Analysis of Samsung KNOX
http://mobilesecurityares.blogspot.de/2014/10/why-samsung-knox-isnt-really-fort-knox.html
Cryptowall coming back via paid-for ads
http://www.proofpoint.com/threatinsight/posts/malware-in-ad-networks-infects-visitors-and-jeopardizes-brands.php

ISC StormCast for Thursday, October 23rd 2014

By Johannes Ullrich 2001 vulnerability found in 2013 Cisco product; Dangers of NAT-PMP; iOS 8.1 Jailbreak; Ruxcon; 911 outage lessons
Telnetd Vulnerability in Cisco Ironport WSA
https://isc.sans.edu/forums/diary/+telnetd+rulez+Cisco+Ironport+WSA+Telnetd+Remote+Code+Execution+Vulnerability/18869
Misconfigured Routers Allow Config Changes via NAT-PMP
https://community.rapid7.com/community/metasploit/blog/2014/10/21/r7-2014-17-nat-pmp-implementation-and-configuration-vulnerabilities
Jailbreak for iOS 8.1
http://pangu.io
Ruxcon Slides / Intercepting Pager Data
https://ruxcon.org.au/slides/
April 911 Outages Affected 3.5% of US Population
http://threatpost.com/april-911-outage-affected-3-5-percent-of-u-s-population/108974

ISC StormCast for Wednesday, October 22nd 2014

By Johannes Ullrich #MSFT releases special security advisory; #NCSAM false positives in pentest reports; Palo Alto Leaks Credentials; UEFI Vulnerabilities
Microsoft Releases Special Security Advisory for new OLE Vulnerability
https://technet.microsoft.com/library/security/3010060
False Positives in Pentest Reports
https://isc.sans.edu/forums/diary/CSAM+Month+of+False+Positives+Ghosts+in+the+Pentest+Report/18861
Misconfigured Palo Alto Firewalls Leak Credentials
https://community.rapid7.com/community/infosec/blog/2014/10/14/palo-alto-networks-userid-credential-exposure
http://live.paloaltonetworks.com/docs/DOC-8125/
UEFI Vulnerability exploitable for Windows 8
https://www.mitre.org/publications/technical-papers/presentation-extreme-privilege-escalation-on-windows-8uefi-systems

ISC StormCast for Tuesday, October 21st 2014

By Johannes Ullrich #Apple iOS Security Updates; #MSFT pulls SHA-2 patch from October Updates; China intercepts iCloud; US Gov Pushes Chip&Pin; PHP Patch
Apple iOS 8.1 and Apple TV 7.0.1
https://support.apple.com/kb/HT1222
Microsoft Pulls Windows 7 SHA-2 Update
https://technet.microsoft.com/en-us/library/security/2949927
iCloud SSL Traffic Intercepted in China using self-signed certificates
https://en.greatfire.org/blog/2014/oct/china-collecting-apple-icloud-data-attack-coincides-launch-new-iphone
US Government to Require Chip-and-Pin for Federal Payments
http://www.whitehouse.gov/the-press-office/2014/10/17/fact-sheet-safeguarding-consumers-financial-security
PHP Update Released
http://php.net/ChangeLog-5.php