Get an 11" iPad Pro, Surface Go 2, or $300 Off with OnDemand Training

Newsletters: @RISK

Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.

SANS NewsBites
@Risk: Security Alert
OUCH! Security Awareness
Case Leads DFIR Digest
Industrial Control Systems
Industrials & Infrastructure

@RISK provides a reliable weekly summary of (1) newly discovered attack vectors, (2) vulnerabilities with active new exploits, (3) insightful explanations of how recent attacks worked, and other valuable data

A key purpose of the @RISK is to provide the data that will ensure that the 20 Critical Controls (the US and UK benchmark for effective protection of networked systems) continue to be the most effective defenses for all known attack vectors. But since it is also valuable for security practitioners, SANS is making it available to the 145,000 security practitioners who have completed SANS security training and others at their organizations who hope to stay current with the offensive methods in use.

November 29, 2012

@RISK: The Consensus Security Vulnerability Alert

Vol. 12, Num. 48

Providing a reliable, weekly summary of newly discovered attack vectors, vulnerabilities with active exploits, and explanations of how recent attacks worked.



MOST POPULAR MALWARE FILES 11/15/2012 - 11/21/2012

TOP VULNERABILITY THIS WEEK: SCADA security continues to be a hot-button issue, with a pair of vendors claiming a massive cache of 0-day remote code execution bugs in a variety of product suites. Details are sketchy at best for the time being, but users of potentially impacted software are urged to work with ICS-CERT and their vendor(s) to resolve the problems as soon as information about these exploits surfaces.



- --SANS Cyber Defense Initiative ® 2012 Washington, DC December 7-16, 2012
27 courses. Bonus evening presentations include Gamification: Hacking Your Brain for Better Learning; Building a Portable Private Cloud; and Tactical SecOps: A Guide to Precision Security Operations.

- --SANS Security East 2013 New Orleans, LA January 16-23, 2013
11 courses. Bonus evening presentations include The Next Wave - Data Center Consolidation; Top Threats to Cloud for 2013; and Hacking Your Friends and Neighbors for Fun. Special Event: NetWars Tournament of Champions.

- --North American SCADA and Process Control Summit 2013 Lake Buena Vista, FL February 6-13, 2013
The Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security. The Security Summit is an action conference designed so that every attendee leaves with new tools and techniques they can put to work immediately when they return to their office. The Summit is the place to come and interact with top SCADA experts, key government personnel, researchers and asset owners at the multiple special networking events.
8 courses. Bonus evening presentation: The SANS SCADA Dinner Theater Players Present: From Exposure to Closure - Act III.

- --Looking for training in your own community?

- --Save on On-Demand training (30 full courses) - See samples at

Plus Barcelona, Cairo, Anaheim, New Delhi, and Brussels all in the next 90 days.

For a list of all upcoming events, on-line and live:

********************* Sponsored Links: *********************

1) Take the SANS Survey on the Security Practices of SCADA System
Operators and register to win an iPad!

2) Why Deception Matters in Today's Web Attacks by John Bumgarner


Title: Multiple SCADA 0-Day Remote Exploits
Description: Responding to claims by Maltese security firm ReVuln that it had discovered multiple remotely exploitable bugs in different SCADA systems, but would not be supplying details of the bugs to impacted vendors, reverse-engineering firm Exodus Intel has provided details of 23 distinct SCADA vulnerabilities - including a number of remote code execution bugs - to ICS-CERT, the US government organization specifically in charge of SCADA security. While no details of either set of vulnerabilities has been released to date, users of potentially impacted software are urged to contact ICS-CERT for mitigation information as soon as possible, and to work with their vendors to patch promptly once updates become available.
Snort SID: N/A
ClamAV: N/A

Title: Samsung Printer Backdoor Account
Description: Network-aware printers manufactured by Samsung before October 31, 2012 (including some Dell printers actually built by Samsung) have a hard-coded SNMP read-write community string, which enables full administrative access to the device - even when SNMP has been disabled by the user. A patch is currently being developed by Samsung; in the interim, users should consider blocking all SNMP traffic to impacted printers, which likely contain sensitive information that could be used by an attacker or industrial spy.