Oracle Java SE CVE-2015-0459 Remote Security Vulnerability
FUSE CVE-2015-3202 Local Privilege Escalation Vulnerability

Posted by InfoSec News on May 22


By Violet Blue
Zero Day
May 21, 2015

Headlines and infosec pros alike have been going mental over security
researcher Chris Roberts' alleged mid-flight hacking of a commercial
airplane, and his subsequent detainment by the FBI in April.

Things got hysterical last weekend when a month-old FBI search warrant
application surfaced in headlines...

Posted by InfoSec News on May 22

Forwarded from: bluknight <bluknight () skytalks info>

== https://skytalks.info ==

Skytalks is a 'sub-conference' that gives a unique platform for
researchers to share their research, for angry hackers to rant about
the issues of their industry, and for curious souls to probe
interesting issues, all without the watchful eye of the rest of the
world. With a strict, well-enforced "no recording" policy, research
that is...

Typically we try to divide attackers into different groups, all the way from script kiddies (no resources, no skills, quite a bit of time and persistence) to more advanced state-sponsored attackers (lots of resources, decent skills and the ability to conduct long-lasting, persistent attacks).

So it was a bit odd to see an attack against a rather old vulnerability in DeDeCMS. The attack:

GET /uploads/plus/search.php?keyword=11typeArr[%60@%27%60and%28SELECT1%20FROM%28selectcount%28*%29,concat%28floor%28rand%280%29*2%29,%28SELECT/*%27*/concat%280x5f,userid,0x5f,pwd,0x5f%29fromdede_adminLimit0,1%29%29afrominformation_schema.tables%20group%20by%20a%29b%29]=1 HTTP/1.1 301 178 - Python-urllib/2.7

DeDeCMS is a Drupal-like content management system popular in China [1]. Exploits like the one above have been used at least since 2013 [2]. The site that was attacked above does not use DeDeCMS, so the attacker did not do any reconnaissance.

The attacker also doesn't bother modifying the user agent and keeps the Python-urllib/2.7 user agent, indicating that the tool used to conduct the scan was written in Python. Many web application firewalls would block the request just for using that user agent.

The SQL statement that is being attempted (URL decoded):

SELECT 1 FROM(select count(*),concat(floor(rand(0)*2),(SELECT/**/concat(0x5f,userid,0x5f,pwd,0x5f) from dede_admin Limit 0,1))a from information_schema.tables group by a)b)]=1

A nice piece of SQL obfuscation (mixed case, stripped spaces and the /*'*/ comment splice), but the goal is to retrieve the first username and password hash from the dede_admin table. The concat(floor(rand(0)*2), ...) together with group by is the well-known error-based injection trick: with enough rows in information_schema.tables the grouping key collides and MySQL throws a "Duplicate entry ... for key 'group_key'" error, and the duplicated entry contains the userid and pwd values that were concatenated into the key. The data therefore comes back in the error message, so the attack works even if the application never displays query results.

Sort of interesting: these were not the only attacks from these two IP addresses, and they did start out with some reconnaissance:

GET / HTTP/1.1 301 178 - +http://www.google.com/bot.html)

Here they spoof the Google user agent. They even first try out the plus/search.php URL:

GET //plus/search.php?keyword=astypeArr[111%3D@`\x5C`)+UnIon+seleCt+1,2,3,4,5,6,7,8,9,10,userid,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,pwd,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42+from+`%23@__admin`%23@`\x5C`+]=a HTTP/1.1 404 9093 - +http://www.google.com/bot.html)

But even though the probe returns a 404 (the script does not exist on this site), they still proceed with the attack, so the tool evidently fires its payloads regardless of what the probe returned.
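The points above (decode the query string before matching, look for the floor(rand(0)*2)/group by and union select signatures and the DeDeCMS admin table, flag the Python-urllib user agent, and notice an exploit attempt against a script that already answered 404) can be turned into a small log scanner. The code below is an added example and not part of this diary; the log layout, the signature regexes, the scanner user-agent list and the sample lines are assumptions made for the demonstration. The sample lines are constructed from the request lines quoted above, with the truncated Googlebot user agent filled in with the standard Googlebot string.

```python
"""Flag DeDeCMS plus/search.php SQL-injection attempts in access-log lines.

Added example, not part of the ISC diary. Log layout, signatures, the
scanner user-agent list and SAMPLE_LOG are assumptions for this demo.
"""
import re
from urllib.parse import unquote_plus

# Constructed sample, laid out like the diary's lines:
#   METHOD TARGET PROTO STATUS BYTES REFERER USER-AGENT
SAMPLE_LOG = r"""
GET / HTTP/1.1 301 178 - Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
GET //plus/search.php?keyword=astypeArr[111%3D@`\x5C`)+UnIon+seleCt+1,2,3,4,5,6,7,8,9,10,userid,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,pwd,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42+from+`%23@__admin`%23@`\x5C`+]=a HTTP/1.1 404 9093 - Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
GET /uploads/plus/search.php?keyword=11typeArr[%60@%27%60and%28SELECT1%20FROM%28selectcount%28*%29,concat%28floor%28rand%280%29*2%29,%28SELECT/*%27*/concat%280x5f,userid,0x5f,pwd,0x5f%29fromdede_adminLimit0,1%29%29afrominformation_schema.tables%20group%20by%20a%29b%29]=1 HTTP/1.1 301 178 - Python-urllib/2.7
GET /index.php?page=2 HTTP/1.1 200 5120 - Mozilla/5.0 (X11; Linux x86_64) Firefox/38.0
"""

LINE_RE = re.compile(
    r"^(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d "
    r"(?P<status>\d{3}) (?P<bytes>\d+|-) (?P<referer>\S+) (?P<ua>.*)$"
)

# Matched against the normalised query string (decoded, comment-stripped,
# lower-cased), so mixed case, percent encoding and /*'*/ splicing do not help.
SIGNATURES = {
    # floor(rand(0)*2) ... group by: error-based injection that leaks data
    # through MySQL's "Duplicate entry '...' for key 'group_key'" message
    "sqli_error_based": re.compile(r"floor\(rand\(0\)\*2\).*\bgroup by\b"),
    "sqli_union": re.compile(r"\bunion\s+select\b"),
    # DeDeCMS admin table, spelled out or via the #@__ table-prefix placeholder
    "dedecms_admin_table": re.compile(r"dede_admin|#@__admin"),
    # the injected parameter: a typeArr[...] key carrying SQL metacharacters
    "dedecms_typearr": re.compile(r"typearr\[[^\]]*[`'()]"),
}
SCANNER_UAS = ("python-urllib", "python-requests")  # assumed block-list


def normalise(raw: str) -> str:
    """Percent/plus-decode (repeated, to undo double encoding), drop inline
    comments, collapse whitespace and lower-case the query string."""
    s = raw
    for _ in range(3):
        decoded = unquote_plus(s)
        if decoded == s:
            break
        s = decoded
    s = re.sub(r"/\*.*?\*/", "", s)
    return re.sub(r"\s+", " ", s).lower()


def analyse(log_text: str) -> list:
    """Parse each line, tag it, and note when an injection attempt targets a
    script that already answered 404 (the attacker is not checking results)."""
    results = []
    seen_404 = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        path, _, query = m["target"].partition("?")
        script = path.rstrip("/").rsplit("/", 1)[-1]  # e.g. search.php
        norm = normalise(query)
        tags = [name for name, rx in SIGNATURES.items() if rx.search(norm)]
        ua = m["ua"].lower()
        if any(marker in ua for marker in SCANNER_UAS):
            tags.append("scanner_user_agent")
        if "googlebot" in ua:
            # Real Googlebot traffic passes a reverse-then-forward DNS check on
            # the source IP; the sample carries no IP, so only the claim is noted.
            tags.append("claims_googlebot")
        if script in seen_404 and any(t.startswith("sqli_") for t in tags):
            tags.append("attacks_script_after_404")
        if m["status"] == "404":
            seen_404.add(script)
        results.append({"target": m["target"], "status": int(m["status"]),
                        "ua": m["ua"], "tags": tags})
    return results


def waf_verdict(tags: list) -> str:
    """Block on an injection signature or a known scanner user agent."""
    if any(t.startswith("sqli_") or t == "scanner_user_agent" for t in tags):
        return "block"
    return "allow"


if __name__ == "__main__":
    for row in analyse(SAMPLE_LOG):
        print(waf_verdict(row["tags"]).upper(), row["status"],
              row["target"][:60], row["tags"])
```

Run against the sample, the Googlebot-spoofed union probe and the Python-urllib error-based request both come back as "block", the bare "GET /" is only noted as claiming to be Googlebot, and the error-based request is additionally tagged as attacking search.php after that script already returned 404. Decoding before matching is the important design choice: the raw request line contains neither "union select" nor "floor(rand(0)*2)" as plain text, so a signature run on the undecoded line would miss both.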

Johannes B. Ullrich, Ph.D.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Multiple OleumTech Products CVE-2014-2361 Local Security Bypass Vulnerability
Multiple OleumTech Products CVE-2014-2362 Predictable Random Number Generator Weakness

Posted by InfoSec News on May 22


By Dan Goodin
Ars Technica
May 21, 2015

An estimated 500 million Android phones don't completely wipe data when
their factory reset option is run, a weakness that may allow the recovery
of login credentials, text messages, e-mails, and contacts, computer
scientists said Thursday.

In the first comprehensive study of the...
MIT Kerberos 5 CVE-2014-5355 Multiple Denial of Service Vulnerabilities
[CORE-2015-0010] - Sendio ESP Information Disclosure Vulnerability
[SECURITY] [DSA 3270-1] postgresql-9.4 security update


Infosec practitioners face host of challenges
Boshoff says infosec improvements are being hindered by a lack of buy-in and support from business. "It is very difficult for security practitioners to successfully implement security protocols within an organisation when they have resistance from the ...


E-mail addresses, sexual orientations, and other sensitive details from almost four million AdultFriendFinder.com subscribers have been leaked onto the Internet following a hack that rooted the casual dating service, security researchers said.

The cache includes more than 3.8 million unique e-mail addresses of current and former subscribers, Australian security researcher Troy Hunt reported early Friday morning. The data, which is in the form of 15 Microsoft Excel spreadsheets, was first seeded to anonymous sites hosted on the Tor privacy network. It has since spread to sites on the open Internet. Links to sites hosting the data are easily found on Twitter and other social networking sites, (Ars isn't publishing the locations).

The compromise was first reported by British broadcaster Channel 4. In addition to including e-mail addresses and the sexual orientations of users, the data also provided other sensitive information, such as ages, zip codes, and whether the subscriber was seeking an extramarital affair. The trove included information for deleted accounts as well as those still current.


SSL/TLS RC4 CVE-2015-2808 Information Disclosure Weakness
Oracle MySQL Server CVE-2015-0405 Remote Security Vulnerability
Oracle MySQL Server CVE-2015-2571 Remote Security Vulnerability
Google Chrome CVE-2015-1265 Multiple Unspecified Security Vulnerabilities

Posted by InfoSec News on May 22


By Maggie Ybarra
The Washington Times
May 21, 2015

FBI agents can’t point to any major terrorism cases they’ve cracked thanks
to the key snooping powers in the Patriot Act, the Justice Department’s
inspector general said in a report Thursday that could complicate efforts
to keep key parts of the law operating.

Inspector General Michael...

Posted by InfoSec News on May 22


By Dan Sung
The Independent
22 May 2015

A hacker has exposed the personal and sexual details of nearly 4 million
users on one of the world-leading dating sites.

The details lifted from the database of Adult FriendFinder include the
information of previous members who had previously deleted their accounts....

Posted by InfoSec News on May 22


By Elizabeth Snell
Health IT Security
May 21, 2015

The US Coast Guard (USCG) must do a better job in its PHI security
measures, according to a recent report from the Office of the Inspector
General (OIG).

Specifically, USCG lacks a strong organizational approach to resolving
privacy issues, the report stated, which leads to the agency having

Posted by InfoSec News on May 22


May 22, 2015

Internet users in Korea are notoriously more exposed to security risks
than their counterparts in other countries, partly because their password
hints are too easy to guess, Google analysis released Thursday shows.

The search giant analyzed security questions selected by the users around
the world to help them when they forget the password....

Posted by InfoSec News on May 22


By Darren Pauli
The Register
22 May 2015

The Payment Card Industry Security Standards Council has created a
taskforce charged with improving security among small businesses.

The prodigious task will be tackled by encouraging small businesses to
adopt security best practice and simplified Payment Card Industry Data
Security Standards (PCI DSS)....
[SECURITY] [DSA 3268-1] ntfs-3g security update
[SECURITY] [DSA 3267-1] chromium-browser security update
[security bulletin] HPSBMU03336 rev.1- HP Helion OpenStack affected by VENOM, Denial of Service (DoS), Execution of Arbitrary Code
CVE-2015-4038 - WordPress WP Membership plugin [Privilege escalation]

An article published today in the People's Liberation Army Daily, the official newspaper of China's military—and reprinted in part by Qiushi, the official magazine of the Chinese Communist Party—calls the Internet "the ideological 'main front' and 'the main battlefield'" upon which China must fight an ideological war upon the West to defend itself from the creeping evils of Western thought. The article calls for greater restrictions on Internet content and for the People's Liberation Army to "protect ideological and political security on the invisible battleground of the Internet" as it protects the physical security of the country.

"It is said that before the 1960s, who took control of the print media, will have the right to speak; before the 1990s, who controlled the television media, will have more right to speak; and after entering the new century, who control Internet, including mobile Internet, will have the greatest right to speak," the unnamed author of the piece wrote. "In the eyes of Western anti-China forces, the Internet is undoubtedly intended to guide public opinion in China," undermining the authority of the government with "unwarranted charges" and "exaggerating minority conflicts" while presenting democracy as "a cure-all 'recipe for salvation' and presenting the ideas of the Western world as the leading civilized 'universal values'."

In the view of the PLA Daily, Western powers and Chinese "ideological traitors" have used the Internet to wage war on the Party: "Their fundamental objective is to confuse us with 'universal values', disturb us with 'constitutional democracy', and eventually overthrow our country through 'color revolution'," the article stated—an allusion to the "Orange Revolution" in Ukraine and other popular uprisings against Communist authoritarian governments in the former Soviet Bloc. "Regime collapse that can occur overnight often starts from long-term ideological erosion."



An estimated 500 million Android phones don't completely wipe data when their factory reset option is run, a weakness that may allow the recovery of login credentials, text messages, e-mails, and contacts, computer scientists said Thursday.

In the first comprehensive study of the effectiveness of the Android feature, Cambridge University researchers found that they were able to recover data on a wide range of devices that had run factory reset. The function, which is built into Google's Android mobile operating system, is considered a crucial means for wiping confidential data off of devices before they're sold, recycled, or otherwise retired. The study found that data could be recovered even when users turned on full-disk encryption.

Based on the devices studied, the researchers estimated that 500 million devices may not fully wipe disk partitions where sensitive data is stored and 630 million phones may not wipe internal SD cards where pictures and video are often kept. The findings, published in a research paper titled Security Analysis of Android Factory Resets, are sure to be a wake-up call for individual users and large enterprises alike.

