The Department of Defense (DOD) released the DOD Strategy for Operating in Cyberspace July 14. It is the first DOD unified strategy for cyberspace and officially encapsulates a new way forward for DOD’s military, intelligence, and business operations. Reliable access to cyberspace is critical to U.S. national security, public safety, and economic well-being. Cyber threats continue to grow in scope and severity on a daily basis. More than 60,000 new malicious software programs or variations are identified every day threatening the security, economy, and citizens of the United States. “The cyber threats we face are urgent, sometimes uncertain and potentially devastating as adversaries constantly search for vulnerabilities,” the Deputy Secretary of Defense said. “Our infrastructure, logistics network and business systems are heavily computerized. With 15,000 networks and more than 7 million computing devices, DOD continues to be a target in cyberspace for malicious activity.” The DOD and other governmental agencies have taken steps to anticipate, mitigate, and deter these threats. DOD deepened and strengthened coordination with DHS to secure critical networks as evidenced by the recent DOD-DHS Memorandum of Agreement. “Strong partnerships with other U.S. government departments and agencies, the private sector and foreign nations are crucial,” the Deputy said. “Our success in cyberspace depends on a robust public/private partnership. The defense of the military will matter little unless our civilian critical infrastructure is also able to withstand attacks.”
Monsanto confirms Anonymous hacking attack
Agricultural biotech giant Monsanto confirmed July 13 it had been victimized by a hacking attack that the online activist collective Anonymous announced July 12. “Last month, Monsanto experienced a disruption to our Web sites which appeared to be organized by a cyber-group,” the director of corporate affairs said in a statement. “In addition, this group also recently published publicly available information on approximately 2,500 individuals involved in the broader global agriculture industry,” it indicated. “Contrary to initial media reports, only 10 percent of this publicly available information related to Monsanto’s current and former employees. The list also included contact details for media outlets as well as other agricultural companies.” The company turned information on the attacks over to the “appropriate authorities,” and remains “vigilant in protecting our information systems,” the statement added. Anonymous released contact information for about 2,500 people that presumably was snagged July 12 from Monsanto, and said it had attacked the company’s Web servers to protest lawsuits the company filed against organic dairy farmers for stating on labels that their products don’t contain growth hormones. Monsanto makes genetically engineered seeds, and pesticides.
Google+ related scams move to Facebook
Scammers continue to take advantage of the interest raised by the introduction of Google+ and have begun tricking Facebook users into giving them access to their accounts via a rogue application. Users are lured in by updates on their news feeds seemingly posted by their friends, which “like” the “Google+ – Get Invite” Facebook page. Clicking on the link gets users to the page, where the rogue app by the name “Google Plus – Direct Access” is linked. Clicking on the link initiates the request for permissions from the app. Once the permission is given, the victim is urged to “like” the page that propagates the app and is encouraged to send and invite to their friends to visit it — in the hope that they will fall more easily for the scam if a friend of theirs appears to be supporting it. At the end of the process, the user is redirected to the official Google+ homepage. However, if they try to sign-in, they are faced with the notice that the service currently exceeded capacity.
Apache Tomcat security bypass vulnerability
A security issue and a vulnerability have been reported in Apache Tomcat, which can be exploited by malicious, local users to bypass certain security restrictions or cause a DoS, according to Secunia. The security issue is caused due to Apache Tomcat not properly verifying sendfile request attributes when running under a security manager, which can be exploited by a malicious Web application to bypass intended restrictions and, for example, disclose local files. The vulnerability is caused due to Apache Tomcat not properly handling sendfile requests with invalid start and endpoints, which can be exploited to crash the JVM. Successful exploitation requires that a malicious Web application is deployed, and a security manager and the HTTP NIO or HTTP APR connector with enabled sendfile is used.
Sega forums still closed a month after mystery hack
Sega’s forum remains offline almost a month after its forums and other sites were hit by hacktivists, The Register reported July 14. Hackers broke into Sega’s systems and made off with user registration details, e-mail addresses, birth dates, and encrypted passwords of about 1.3 million users in June. No financial data was exposed by the hack, which was initially blamed on the hacking group LulzSec. The now defunct group denied involvement, even going so far as offering to track down the miscreants. Sega took the precaution June 16 of suspending its forums and other sites accessed via Sega Pass system while it beefed up security. This work remains ongoing almost a month later. A representative of Sega told The Register the sites remain offline for testing. No date has been set for restoration.
VLC Media Player vulnerable to heap overflow exploits
According to the VideoLAN project, VLC Media Player is susceptible to two heap overflow vulnerabilities in the Real Media and AVI file parsers. These holes, rated as “Highly critical” by security specialists at Secunia, could be exploited by an attacker to crash the player or possibly execute arbitrary code on a victim’s system. For an attack to be successful, a user must first open a specially crafted malicious file. The vulnerabilities have been confirmed to affect the latest 1.1.10 release of VLC, from early June. According to the VLC developers, an upcoming maintenance and security update, VLC 1.1.11, will address these problems and introduce further stability fixes.
Report: Sixty percent of users are running unpatched versions of Adobe
Six out of every 10 users of Adobe Reader are running unpatched versions of the program, leaving them vulnerable to a variety of malware attacks, according to a report published July 13. In a study of its own antivirus users, Avast Software found 60.2 percent of those with Adobe Reader were running a vulnerable version of the program, and only 40 percent of users had the newest Adobe Reader X or were fully patched. One out of every five users also had an unpatched version of Adobe Reader that was at least two generations old, the study said. Adobe Reader is the most popular PDF reader application, and is a frequent target for malware writers. More than 80 percent of Avast users run a version of Adobe Reader.
Trend Micro Control Manager file disclosure vulnerability
A vulnerability in Trend Micro Control Manager can be exploited by malicious users to disclose sensitive information, according to Secunia. Input passed via the “module” parameter to WebApp/widget/proxy_request.php (when “sid” is set to “undefined” and “serverid”, “SORTFIELD”, “SELECTION”, and “WID” are set) is not properly verified before being used to read files. This can be exploited to read arbitrary files from local resources via directory traversal sequences. The vulnerability is confirmed in version 5.5 (Build 1250). Other versions may also be affected.
Voda femtocells open phones up to intercept
Security researchers claim to have uncovered a serious security hole in Vodafone’s mobile network. Security shortcomings in the femtocell technology supplied by the cell phone giant create a means to extract data that would allow hackers to intercept calls or impersonate users that connect through a compromised device, The Hacker’s Choice (THC) claims. Femtocells are home routers that use broadband connections to improve mobile coverage, allowing calls to be made indoors more easily. THC claims to have reverse-engineered the Sagem-manufactured kit, and discovered a way for any subscriber to use a femtocell. A second vulnerability creates a means for hackers to grab secret subscriber information from Vodafone (specifically IMSI — international mobile subscriber identity — data from Home Location Register and authentication systems). Because of this shortcoming, it is possible to turn a hacked femtocell into an interception device, the researchers claim. Access to a victim’s voicemail would also be possible. All these hacks would only work once a victim had been tricked into using a compromised base station, something that can happen automatically, but only over a short distance of around 50 meters from the device. The root cause of the problem is that the allegedly insecure base station kit is assigned functions normally restricted to carriers’ core network authentication systems.
Read the Full DHS Infrastructure Report:
*Disclaimer: The above information largely has been reproduced from the DHS Open Source Daily Report, a full version of which can be found at http:// http://www.dhs.gov/files/programs/editorial_0542.shtm. Enclave Security, LLC and its agents used their best efforts in collecting and preparing the information published herein. However, Enclave Security, LLC, does not assume, and hereby disclaims, any and all liability for any loss or damage caused by errors or omissions, whether such errors or omissions resulted from negligence, accident, or other causes.