InfoSec News

One of my favourite tools has to be Metasploit and version 4 has been released and is available for download.
Updating an existing instance is a cinch, just run the msfupdate or SVNand you should be good to go. Alternatively you can get fresh install files from the metasploit web site. More info here -- https://community.rapid7.com/community/metasploit/blog/2011/08/01/metasploit-40-released?utm_source=feedburnerutm_medium=feedutm_campaign=Feed%3A+metasploit%2Fblog+%28Metasploit+Blog%29
Enjoy.

Mark (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Mitek is extending the market for its its imaging technology from financial services to the health care and insurance industries.
 
Spot shortages of the MacBook Air show that demand for Apple's recently-revamped notebook is off to a strong start, a Wall Street analyst said today.
 
Foomatic 'foomatic-rip' Command Injection Vulnerability
 

LulzSec Intrigue; Hurd Talks Oracle's Real Battle
InformationWeek
The InfoSec concerns run much more broadly, and far more deeply than all of this theatrical hacking--although, it shouldn't be dismissed, either. This week kicks off another Black Hat conference--the popular destination for security researchers to ...

and more »
 
Version 3.4.2 of the open-source LibreOffice suite is now available and "enterprise-ready," project backers The Document Foundation announced Monday.
 
Mike Elgan wrote that Google+ makes Twitter obsolete, but this reader still sees clear advantages on the latter platform.
 
Several tech trade groups oppose a bill that would require Internet retailers to collect sales tax.
 
News International directed service providers contracted to maintain its e-mail system to delete some messages, according to Indian outsourcer HCL Technologies in a letter to the Home Affairs Committee of the U.K. Parliament.
 
Verizon Wireless and American Express will integrate the Serve online payment system over mobile phones and tablets in coming months, the two companies announced Monday.
 
Twitter confirmed today that it has raised a 'significant round of funding' that executives hope to use to expand the site's reach.
 
Microsoft's Windows XP has slipped under the 50% share mark for the first time since Web measurement company Net Applications began tracking operating system usage.
 
Symantec today unveiled the latest version of its email archiving software, which can now automatically classify email and assign it to the appropriate tier of storage.
 
A webOS software update for Hewlett-Packard's TouchPad tablet will be delivered over-the-air starting on Monday, a company executive said on Twitter.
 
NGS00068 Technical Advisory - LibAVCodec AMV Out of Array Write
 
CFP open for ClubHack2011
 
cgcraft llc (collections.php?id) Cross Site Scripting Vulnerabilities
 

Flexible stance: SC Canada infosec pro of the year
SC Magazine US
Mark Fabro has successfully married tech knowledge and C-level chops to help elevate his role -- and awareness around SCADA security -- to the next level. You must be a registered member of scmagazineus.com to access this content. ...

and more »
 
Elgg 1.7.9 <= | Multiple Cross Site Scripting Vulnerabilities
 
[slackware-security] samba (SSA:2011-210-03)
 
[slackware-security] dhcpcd (SSA:2011-210-02)
 
[slackware-security] libpng (SSA:2011-210-01)
 
Last summer I spent a few days with a company to assess the human side of their operation. As part of the process, the CSO and I walked the hallways, talked with people and then discussed our observations. During lunch on the second day, I asked about his team -- specifically how he managed his team to get the results he was responsible for.
 
The European Union's computer security agency is warning that standards under development as part of HTML5 are undergoing rewrites that may neglect important security issues.
 
Amazon Web Services has opened the fifth annual AWS Start-Up Challenge, a contest that aims to recognize innovative uses of its cloud computing platform.
 
The judge overseeing the lawsuit Oracle filed over the Android mobile OS has denied Google's attempt to get a potentially damaging e-mail redacted.
 
When Jed Clampett's shot missed its intended target, hit the ground and struck oil, we got "The Beverly Hillbillies." Part of what made the story interesting was that old Jed found unexpected riches in something he already owned.
 
Christopher Burgess on writing a new prescription for health data trust.
 
In an exclusive interview, CEO Michael Dell talks about his company's new direction and its plans to serve a diverse midmarket
 

Anton Chuvakin to Gartner
CSO (blog)
Infosec author and SIEM, log management, PCI DSS expert Anton Chuvakin starts a new job with Gartner today. Chuvakin is one of the giants of information security and has written many an article for this site. Gartner was wise to hire him. ...

 
Apple's Safari last month posted its biggest increase ever in usage share, beating perennial champion Chrome in the gain game, Web metrics vendor Net Applications said today.
 
Foxconn, the maker of Apple's iPhone and iPad, plans to rely more on robots for manufacturing over the coming years, allowing the company to invest more in research and development and save on labor costs.
 
The 18-year-old teenager identified by police as the spokesman for the hacking groups Anonymous and Lulz Security was charged on Sunday with five offenses and expected to appear Monday in a London court.
 
Planting the seeds to potentially disrupt its own successful franchise in Flash-based animation, Adobe has released a preview version of a new application, called Adobe Edge, designed for assembling dynamic Web content using HTML5 and related open Web standards, the company announced Monday.
 
Erlang/OTP SSH Library Random Number Generator Weakness
 

Advanced persistent threat (APT) defense; best practices
SearchSecurity.in
Advanced persistent threats (or APTs) have become the new catchphrase in the global infosec community. This tag refers to new age threats, orchestrated to persistently target a designated entity, as with worms like Stuxnet. ...

 
Smartphone malware isn't yet as big a threat as you might think, but it's coming. Here are some tips to help you avoid it.
 
The MySQL community is a hotbed of free, open source tools to enhance the performance and health of your MySQL systems
 

Posted by InfoSec News on Aug 01

http://www.theregister.co.uk/2011/08/01/stuxnet_and_jails/

By Richard Chirgwin
The Register
1st August 2011

Hard on the heels of warnings that critical systems in America are
vulnerable to Stuxnet-style attacks, a group of security researchers
says SCADA systems and PLCs make prisons vulnerable to computer-based
attacks.

In a white paper published here, Teague Newman, Tiffany Rad and John
Strauchs say the use of PLCs (programmable logic...
 

Posted by InfoSec News on Aug 01

Forwarded from: Luiz Eduardo <le (at) ysts.org>

Hello ISN readers, the call for papers for Silver Bullet 2011 is opened!

Silver Bullet 2011 - Information Security Event - Call for Papers

http://www.sbconference.com.br
November 12th & 13th, 2011
Sao Paulo - Brazil

About:

Silver Bullet will bring together well-known professionals, enthusiasts
and beginners in all things related to information security. Two tracks
covering, but not...
 

Posted by InfoSec News on Aug 01

http://www.networkworld.com/news/2011/073111-blackhat-roundup.html

By Ellen Messmer
Network World
July 31, 2011

Ready to power on next week, the annual Black Hat Conference in Las
Vegas promises to be the high-voltage event it has been in the past
where security experts tear apart any naïve hope that there's really
anything secure at all that was ever made by the high-tech industry.

Black Hat 2011 will showcase more than 50...
 

Posted by InfoSec News on Aug 01

http://www.eweek.com/c/a/Security/Sony-Breaches-a-Reminder-for-Enterprises-to-Check-Liability-Insurance-140926/

By Fahmida Y. Rashid
eWEEK.com
2011-07-29

Not all insurance policies are created equal and organizations should
check their policies before a data breach to see if they are covered. In
the case of Sony, perhaps not.

Recent high-profile cyber-attacks have renewed interest in
cyber-insurance as CEOs worry about covering the cost of...
 

Posted by InfoSec News on Aug 01

http://www.informationweek.com/news/security/vulnerabilities/231002943

By Mathew J. Schwartz
InformationWeek
July 29, 2011

Updated forensic software can steal Apple OS X login passwords in
minutes, even when the devices are locked or asleep.

To be successful, however, users of the software, Passware Kit Forensic
v11, must have physical access to the target Mac device, as well as a
FireWire cable connection. At that point, the software can...
 

Posted by InfoSec News on Aug 01

http://www.computerworld.com/s/article/9218759/Anonymous_releases_documents_it_says_came_from_ManTech

By Robert McMillan
IDG News Service
July 29, 2011

As promised, members of the Anonymous hacking movement have released
hundreds of megabytes of documents that they say were stolen from
government security contractor ManTech.

The data released on the Pirate Bay file-sharing site late Friday
contain nearly 400 megabytes of documents --...
 
Samba SWAT 'user' Field Cross Site Scripting Vulnerability
 
Samba SWAT Cross Site Request Forgery Vulnerability
 
Internet Storm Center Infocon Status