October 11, 2014, 1:00 am
International Dairy Queen, the ice cream chain owned by Warren Buffett’s Berkshire Hathaway Inc. (BRK/A), said customer data were compromised by hackers.
The breach with the so-called Backoff malware affected 395 of more than 4,500 U.S. locations, the unit of Omaha, Nebraska-based Berkshire said today in a statement. The systems contained customer names, and the numbers and expiration dates of their payment cards. Less than 600,000 cards were affected, said Dean Peters, a spokesman for Dairy Queen.
more here..............http://www.bloomberg.com/news/2014-10-09/dairy-queen-says-customer-data-compromised-by-backoff-malware.html
additional technical details from a prior post back in July here...........http://blog.spiderlabs.com/2014/07/backoff-technical-analysis.html
![]()
↧
October 11, 2014, 2:45 am
On Thursday, Oct. 9, Kmart's Information Technology team detected our payment data systems had been breached and immediately launched a full investigation working with a leading IT security firm.
Our investigation to date indicates the breach started in early September.
more here............http://www.prnewswire.com/news-releases/kmart-investigating-payment-system-intrusion-278843261.html
![]()
↧
↧
October 11, 2014, 4:23 am
Python script for decrypting stored images from Snapchat version 5.0.34.nn The script needs a rooted device and USB debugging turned on.
more here............https://github.com/programa-stic/snapchat-decrypt
![]()
↧
October 11, 2014, 4:25 am
The National Security Agency has had agents in China, Germany, and South Korea working on programs that use “physical subversion” to infiltrate and compromise networks and devices, according to documents obtained by The Intercept.
more here...........https://firstlook.org/theintercept/2014/10/10/core-secrets/
![]()
↧
October 11, 2014, 4:27 am
I was able to use the bash shellshock vulnerability last week to manually find a vulnerability in a web server through the HTTP User-agent. If you can do something manually there is a good chance that it can be done programmatically. This python program is an extension of that belief.
more here.............http://securenetworkmanagement.com/shellshock-user-agent-vulnerability-scanner/
![]()
↧
↧
October 11, 2014, 4:30 am
This release includes features such as Linux Kernel 3.13, EFI mode, Anonymous mode, LVM + Disk encryption installer, privacy additions and armhf Debian packages.
more here.............http://www.backbox.org/blog/backbox-linux-4-released
![]()
↧
October 11, 2014, 6:29 am
A lot of people (including myself, until recently) think that effective sandboxing requires a filter driver or kernel hooking, but this is no longer the case. A new security feature introduced in Windows Vista known as the Windows Integrity Mechanism can be used to create sandboxes that run entirely in usermode. Although the mechanism was not designed to be used this way, it makes for great driverless sandboxing.
more here.............http://www.malwaretech.com/2014/10/usermode-sandboxing.html
![]()
↧
October 11, 2014, 10:37 am
Criminal gangs are plotting a $1 billion (£618 million) cyber-heist on global financial institutions, Europol has warned, as they ratchet up the pressure on banks reeling from the record-breaking hit on JPMorgan Chase.
more here...........http://www.standard.co.uk/business/business-news/criminal-gangs-in-1bn-city-cyber-raid-plot-9787302.html
![]()
↧
October 12, 2014, 1:26 am
As per Wikipedia, denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users.
In this small post I would like to show a few useful commands to use if someone is experiencing a DDoS attack.
more here...........http://kukuruku.co/hub/infosec/some-useful-commands-to-use-during-ddos
![]()
↧
↧
October 12, 2014, 3:55 am
A lot of sites use SVN as their VCS of choice, pushing site changes directly from the repository. This is all good, but if you are not careful, you risk exposing your entire working repository.
more here..........http://blog.toft.io/exploiting-unsecure-web-servers-with-svn-directories/
![]()
↧
October 12, 2014, 4:22 am
I've found a Content Security Policy bypass similar and related to thesame origin policy bypass in CVE-2014-6041.https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6041I've tested this on an Android 4.3 tablet running a bunch of differentbrowsers, including Inbrowser, Firefox, and the default Androidbrowser on an emulator for Android 4.3.1.HTML PoC:<input type=button value="test" onclick=" a=document.createElement('script'); a.id='AA'; a.src='\u0000https://js.stripe.com/v2/'; document.body.appendChild(a); setTimeout(function(){if(typeof(document.getElementById('AA'))!=='undefined'){alert(Stripe);}else{alert(2);}}, 400); return false;">The content security policy rule that should block this isscript-src 'self' https://js.stripe.com/v3/ ;The PoC worked if you see a popup containing stripes e(){} object. Iset the Timeout kind of short, so you may have to press the buttontwice before you see the popup.I have a PoC test page at ejj.io/test.phpCheers,Evan J
//The information contained within this publication is//supplied "as-is"with no warranties or guarantees of fitness//of use or otherwise. Bot24, Inc nor Bradley Sean Susser accepts//responsibility for any damage caused by the use or misuse of//this information ![]()
↧
October 12, 2014, 3:57 am
When reversing embedded code, it is often the case that completely different devices are built around a common code base, either due to code re-use by the vendor, or through the use of third-party software; this is especially true of devices running the same Real Time Operating System.
more here...........http://www.devttys0.com/2014/10/a-code-signature-plugin-for-ida/
![]()
↧
October 12, 2014, 4:00 am
Last week I came across a service on the Internet running on TCP port 11211, Memcached's default port. I had heard of Memcached before but I probably only knew it was some kind of database system, that was the extent of my familiarity with it.
I quickly learnt that connecting to Memcached does not require authentication. Authentication can be implmented but even then Memcached's own documentation says it should not be fully trusted.
more here.............http://blog.dewhurstsecurity.com/2014/10/12/memcached.html
![]()
↧
↧
October 12, 2014, 4:19 am
I've already covered most parts of FinFisher malware in last two articles (part1, part2). This time, in this article, which is last article related to FinFisher, I'll cover last important tricks, methods and techniques used by FinFisher. So I'll make categorize them by subject
more here...........https://www.codeandsec.com/FinFisher-Malware-Analysis-Part-3
![]()
↧
October 12, 2014, 9:56 am
This afternoon, my internet connection was so unusable that I couldn’t even watch non-HD Youtube videos. I decided that before blaming Comcast again, I should at least try to make sure the problem wasn’t on my end. I started by resetting my wifi router to the defaults and reconfiguring it from scratch.
I had long suspected that (a) some neighbor had cracked my WPA password and was wasting all my bandwidth; and/or (b) that the router itself was thoroughly pwned. I am of course extremely lazy, so I let this enjoyable paranoia simmer in the back of my mind, unresolved, for months. Besides, I had forgotten the admin password, so I knew I would have to reset it to factory defaults just to get back into the administration interface. Today was that day.
more here..........http://noncombatant.org/2014/10/12/brainstorming-security-for-the-internet-of-things/
![]()
↧
October 12, 2014, 9:58 am
Inspired by this blogpost I decided to take a quick look at i2p myself (details on the vulnerability were not given at this point in time). After messing a bit with the routerconsole I figured that the "refresh" parameter of the page "summaryframe.jsp" ends up in the configuration of i2p. So let's just track down this behavior
more here........http://www.phenoelit.org/blog/archives/2014/10/11/tldr_just_another_way_to_get_rce_in_i2p_version_0_9_13/index.html![]()
↧
October 13, 2014, 1:38 am
ver the past days we intercepted several unsolicited emails purporting to be a voicemail from Microsoft Outlook sent via Microsoft Exchange Server.
The emails arrive with the subject line "You have received a voice mail" and invite the recipient to download and extract the attachment to listen to the message.
The attachment, a ZIP file named VOICE[10 numbers].WAV.ZIP, contains an executable posing as an Audio file with a double extension (.WAV.EXE).
The file name contains 17 to 20 random numbers: VOICE000358[17 - 20 random numbers].WAV.EXE. Never trust a file by its icon, always pay attention to the file extension instead and make sure that Windows Explorer is set to show file extensions.
The payload is the notorious ZeuS GameOver. The only interesting part in this sample is that cyber-criminal behind this campaign opted for a .NET cryptor, something I haven’t seen yet in ZeuS GameOver samples.
more here............http://stopmalvertising.com/spam-scams/zeus-gameover-uses-.net-cryptor-and-invites-zemot.html
![]()
↧
↧
October 13, 2014, 4:59 am
During my talks and during my daily working life people asks me about the most interesting Malware used to perform Advanced Persistent Targeted Attacks (APTA). So I decided to give my personal answer in this post, beeing concious that things would change pretty soon.
more here..........http://marcoramilli.blogspot.com/2014/10/the-most-famous-malwares-in-apta.html
![]()
↧
October 13, 2014, 5:01 am
When Intel Edison came out in September 2014, it caught my eye not only because of my unhealthy obsession with robotics, but also because it seemed like an interesting platform for security enthusiasts to perform hobby fuzzing work.
For those of you who have not heard of it, Edison is a sub-$50, stamp-sized (3.5 x 2.5 x 0.4 cm), and essentially self-contained dual-core x86 system with surprisingly decent specs. It comes with built-in wifi and Bluetooth, 1 GB of RAM, 4 GB of non-volatile storage, and can boot to a pretty standard distribution of Linux. It's really tiny - not really a surprise in the age of devices such as Apple Watch or Google Glass, but certainly remarkable for a well-rounded general-purpose computer at this price point
more here...........http://lcamtuf.coredump.cx/edison_fuzz/
![]()
↧
October 13, 2014, 5:03 am
In a recent assignment, I was asked to do an IT security audit of a Samsung Smart-TV app. It took me some time to find the (for me) ideal solution to do the audit with my usual setup of tools. Since Smart-TV apps are based on javascript, they run on a fancy browser in the Smart-TV device. Consequently, using the same auditing techniques for Smart-TV apps as for web applications makes sense. So the goal was to get all the requests and responses from the emulator through a proxy – in my case BurpSuite. I hope to help fellow IT security auditors to save some time with this little write-up.
more here.........http://mherfurt.wordpress.com/2014/10/10/auditing-samsung-smart-tv-apps/
![]()
↧