Red Hat Security Advisory 2015-1515-01 – The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet.
Monthly Archives: August 2015
DSA-3327 squid3 – security update
Alex Rousskov of The Measurement Factory discovered that Squid3, a fully
featured web proxy cache, does not correctly handle CONNECT method peer
responses when configured with cache_peer and operating on explicit
proxy traffic. This could allow remote clients to gain unrestricted
access through a gateway proxy to its backend proxy.
Fedora 23 Security Update: lxc-1.1.2-2.fc23
CODEBLUE.JP – Security Conference in Tokyo Calling for Papers by Sep. 10
Posted by Kana Shinoda on Aug 02
Dear all,
CODE BLUE in Tokyo is looking for innovative and creative research topics
regarding information security to be presented at the conference.
CODE BLUE is an international conference in Tokyo with cutting-edge
talks from all over the world, and is a place for all participants to
exchange information and interact beyond borders and languages.
We will support the travel airfare/accommodation/honorarium for one speaker
per session….
Fedora EPEL 6 Security Update: lxc-1.0.7-2.el6
Fedora EPEL 7 Security Update: lxc-1.0.7-2.el7
DSA-3326 ghostscript – security update
William Robinet and Stefan Cornelius discovered an integer overflow in
Ghostscript, the GPL PostScript/PDF interpreter, which may result in
denial of service or potentially execution of arbitrary code if a
specially crafted file is opened.
Vulnerability in VirtueMart for Joomla
Posted by MustLive on Aug 01
Hello list!
This is a Brute Force vulnerability in VirtueMart for Joomla, which is at
the order details page.
————————-
Affected products:
————————-
Vulnerable are VirtueMart 3.0.9 for Joomla and previous versions.
———-
Details:
———-
Brute Force (WASC-11):
Weak password due to limit…
TA15-213A: Recent Email Phishing Campaigns – Mitigation and Response Recommendations
Original release date: August 01, 2015
Systems Affected
Microsoft Windows Systems, Adobe Flash Player, and Linux
Overview
Between June and July 2015, the United States Computer Emergency Readiness Team (US-CERT) received reports of multiple, ongoing and likely evolving, email-based phishing campaigns targeting U.S. Government agencies and private sector organizations. This alert provides general and phishing-specific mitigation strategies and countermeasures.
Description
US-CERT is aware of three phishing campaigns targeting U.S. Government agencies and private organizations across multiple sectors. All three campaigns leveraged website links contained in emails; two sites exploited a recent Adobe Flash vulnerability (CVE-2015-5119) while the third involved the download of a compressed (i.e., ZIP) file containing a malicious executable file. Most of the websites involved are legitimate corporate or organizational sites that were compromised and are hosting malicious content.
Impact
Systems infected through targeted phishing campaigns act as an entry point for attackers to spread throughout an organization’s entire enterprise, steal sensitive business or personal information, or disrupt business operations.
Solution
Phishing Mitigation and Response Recommendations
- Implement perimeter blocks for known threat indicators:
- Email server or email security gateway filters for email indicators
- Web proxy and firewall filters for websites or Internet Protocol (IP) addresses linked in the emails or used by related malware
- DNS server blocks (blackhole) or redirects (sinkhole) for known related domains and hostnames
- Remove malicious emails from targeted user mailboxes based on email indicators (e.g., using Microsoft ExMerge).
- Identify recipients and possible infected systems:
- Search email server logs for applicable sender, subject, attachments, etc. (to identify users that may have deleted the email and were not identified in the purge of mailboxes)
- Search applicable web proxy, DNS, firewall or IDS logs for activity indicating the malicious link was clicked.
- Search applicable web proxy, DNS, firewall or IDS logs for activity to any associated command and control (C2) domains or IP addresses associated with the malware.
- Review anti-virus (AV) logs for alerts associated with the malware. AV products should be configured to be in quarantine mode. It is important to note that the absence of AV alerts or a clean AV scan should not be taken as conclusive evidence a system is not infected.
- Scan systems for host-level indicators of the related malware (e.g., YARA signatures)
- For systems that may be infected:
- Capture live memory of potentially infected systems for analysis
- Take forensic images of potentially infected systems for analysis
- Isolate systems to a virtual local area network (VLAN) segmented from the production agency network (e.g., an Internet-only segment)
- Report incidents, with as much detail as possible, to the NCCIC.
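One way to carry out the proxy-log search and host-identification steps above, as an added example that is not part of the alert: it scans constructed Squid-style proxy log lines against placeholder indicator domains (both constructed for illustration), flags clicks on emailed links, ZIP downloads and C2 contact, and lists the clients that should go to memory capture and VLAN isolation.

```python
import re
from collections import defaultdict

# Constructed sample of proxy log lines in a simplified Squid native format:
# timestamp elapsed client action/code size method url. Not real traffic.
PROXY_LOG = """\
1438400001.123  212 10.1.4.22 TCP_MISS/200 48211 GET http://compromised-site.example/news/index.php
1438400002.456  180 10.1.4.22 TCP_MISS/200 91002 GET http://compromised-site.example/news/flash.swf
1438400010.789   95 10.1.7.40 TCP_MISS/200 24576 GET http://files-host.example/invoice/Invoice_2015.zip
1438400020.101   40 10.1.9.13 TCP_MISS/200  1200 GET http://intranet.corp.example/portal/
1438400030.202   70 10.1.7.40 TCP_MISS/200   310 POST http://c2-beacon.example/gate.php
"""

# Constructed placeholder indicators standing in for the emailed-link and
# C2 hostnames that an alert or threat feed would actually supply.
LINK_INDICATORS = {"compromised-site.example", "files-host.example"}
C2_INDICATORS = {"c2-beacon.example"}

LINE_RE = re.compile(
    r"^\S+\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)")


def hostname(url):
    """Extract the lowercase host part of a URL ('' if unparseable)."""
    m = re.match(r"^[a-z]+://([^/:]+)", url, re.I)
    return m.group(1).lower() if m else ""


def triage_proxy_log(log_text, link_iocs, c2_iocs):
    """Return {client_ip: [reasons]} for clients that clicked a phishing link,
    downloaded a ZIP archive, or contacted a C2 host (checks are independent,
    so one request can produce more than one reason)."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than silently mis-attributing them
        client, url = m.group("client"), m.group("url")
        host = hostname(url)
        if host in c2_iocs:
            findings[client].append(f"c2-contact {host}")    # likely already infected
        if host in link_iocs:
            findings[client].append(f"phish-link {host}")    # user clicked the emailed link
        if url.lower().endswith(".zip"):
            findings[client].append(f"zip-download {host}")  # matches the ZIP lure pattern
    return dict(findings)


def hosts_to_isolate(findings):
    """Clients with C2 contact are the candidates for memory capture and VLAN isolation."""
    return sorted(c for c, r in findings.items() if any(x.startswith("c2-contact") for x in r))
```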
Educate Your Users
Organizations should remind users that they play a critical role in protecting their organizations from cyber threats. Users should:
- Exercise caution when opening email attachments, even if the attachment is expected and the sender appears to be known. Be particularly wary of compressed or ZIP file attachments.
- Avoid clicking directly on website links in emails; attempt to verify web addresses independently (e.g., contact your organization’s helpdesk or search the Internet for the main website of the organization or topic mentioned in the email).
- Report any suspicious emails to the information technology (IT) helpdesk or security office immediately.
Basic Cyber Hygiene
Practicing basic cyber hygiene would address or mitigate the vast majority of security breaches handled by today’s security practitioners:
- Privilege control (i.e., minimize administrative or superuser privileges)
- Application whitelisting / software execution control (by file or location)
- System application patching (e.g., operating system vulnerabilities, third-party vendor applications)
- Security software updating (e.g., AV definitions, IDS/IPS signatures and filters)
- Network segmentation (e.g., separate administrative networks from business-critical networks with physical controls and virtual local area networks)
- Multi-factor authentication (e.g., one-time password tokens, personal identity verification (PIV) cards)
Further Information
For more information on cybersecurity best practices, users and administrators are encouraged to review US-CERT Security Tip: Handling Destructive Malware to evaluate their capabilities encompassing planning, preparation, detection, and response. Another resource is ICS-CERT Recommended Practice: Improving Industrial Control Systems Cybersecurity with Defense-In-Depth Strategies.
References
- Executive Order 13636: Cybersecurity Framework
- US-CERT Security Tip: Handling Destructive Malware
- ICS-CERT Recommended Practice: Improving Industrial Control Systems Cybersecurity with Defense-In-Depth Strategies
Revision History
- August 1, 2015: Initial Release
Re: Symantec Endpoint Protection
Posted by Brandon Perry on Aug 01
Do you have example requests for the SQL injections?