Hackin9

InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Facebook's application Wednesday to sell shares on the open market includes hints about its plans for mobile use and online payments, and reveals previously guarded information about how much its executives get paid.
 
Now that Facebook has filed papers for its initial public offering (IPO) with the Securities and Exchange Commission (SEC), the public is getting its first glimpse at the social network's dramatic user and revenue growth.
 
That there is growing company demand for cloud or software-as-a-service solutions should come as no surprise.
 
Despite Microsoft's stated commitment to Hyper-V in OpenStack, buggy code designed to support the hypervisor will be removed from the next version of the stack, developers decided on Wednesday.
 
Hewlett-Packard has let slip some details on its website about its upcoming Proliant Gen8 servers ahead of their official launch.
 
Apple iOS Libinfo Component CVE-2011-3441 Information Disclosure Vulnerability
 
Facebook's decision to become a public company is seen as a bellwether for Web 2.0 stock offerings, but what will it mean for the social networking giant's 800 million users, and for the companies that build third-party apps for the site?
 
As expected, Facebook late today filed papers with the U.S. Securities and Exchange Commission for an initial public offering valued at $5 billion.
 
Apple updates released today:

security update 2012-001 for Snow Leopard (Mac OS X 10.6) and Snow Leopard server
update for Lion and Lion server (Mac OS X 10.7.2 - 10.7.3)
remote desktop 3.5.2 client
server admin tools 10.7.3


http://support.apple.com/kb/HT1222

10.7.3: http://support.apple.com/kb/HT5048

server admin tools: http://support.apple.com/kb/HT5050

Apache HTTP Server 2.2.22 Released

This version of Apache is principally a security and bug fix release, including significant security fixes:
http://httpd.apache.org/security/vulnerabilities_22.html
 
Proposers' Conference Set for Feb. 15. WASHINGTON - The National Institute of Standards and Technology (NIST) today announced a competition to award a total of approximately $10 million for pilot projects to accelerate progress toward ...
 
 
As promised, Microsoft on Wednesday shipped version 1.0 of the Kinect for Windows SDK and runtime and said partners have started selling the Kinect hardware.
 
The U.S. White House has declined to respond to a petition calling for authorities to investigate the head of the Motion Picture Association of America for bribery related to comments he made following successful online protests against two controversial copyright enforcement bills.
 
 
usbmuxd 'libusbmuxd/libusbmuxd.c' Heap Based Buffer Overflow Vulnerability
 
Riverbed today announced the release of updates to its Steelhead network performance products as well as its Granite product line, which is based on the edge virtual server infrastructure approach that Riverbed is pushing. Whereas the former aims to boost network performance for the customers that are concerned about application delivery, the latter may attract more attention from the infrastructure management industry.
 
ARM will announce its first 64-bit processors later this year for servers and high-end smartphones, and is also taking steps to build up software support for the processor designs, said CEO Warren East earlier this week.
 
A newly filed U.S. House bill would require U.S. public companies to disclose how many employees they have in the U.S. and overseas.
 
Symantec has backtracked from assertions that 13 Android apps distributed by Google's Android Market were malicious. It now says the code in question comes from an aggressive ad network that provides revenue to the smartphone programs.
 
Organizations that have applied the latest patches should follow more stringent security best practices to guard against external attacks.

 
WikiLeaks founder Julian Assange launched his appeal in the U.K. Supreme Court on Wednesday in his last attempt in Britain to avoid extradition to Sweden to face sexual assault allegations.
 
One of the principal maintainers of the Linux kernel, Greg Kroah-Hartman, has joined the Linux Foundation as a fellow, the same position held by Linux creator Linus Torvalds, the foundation announced.
 
STMicroelectronics hopes to make blurry low-light images from smartphone cameras a thing of the past with a new chip designed to boost light output from LED-based flashes.
 
A hacktivist group is claiming responsibility for exploiting website vulnerabilities and stealing the personal information of approximately 80 T-Mobile employees.

 
While the RSA SecurID breach cost EMC's security division more than $60 million, executives admit it could take years to restore its tarnished image.

 
Microsoft has named a Russian programmer as the one who wrote the malicious Kelihos code used to create a small botnet that peddled spam and child pornography.

 
Newly appointed Epsilon CISO Chris Ray said he will take a step back and get a better understanding of the business before trying to address gaps.

 
Web-based antimalware vendor Dasient is the second security firm acquired by Twitter in recent months. In November, Twitter acquired Android security vendor Whisper Systems.

 
The Black Hole crimeware kit has caused drive-by attacks to surge, according to the Sophos 2012 threat report.

 
Popular Pwn2Own hacking contest at the CanSecWest conference will be fairer to contestants and winners with larger cash prizes, says TippingPoint.

 
Attackers seize on the trust victims have in the social network by setting up a tricky man-in-the-browser attack and demanding $25 in cash.

 
Crossbeam performed a network security test that emulated one million simultaneous mobile users on its network security hardware.

 
Investigators confirmed that a 2006 breach at Symantec Corp. is the root cause of a source code leak of its Norton Antivirus software.

 
The two database patches represented a record low for repairs to Oracle's database management system since the CPU program began in 2005.

 
The banking Trojan variant Cridex can break CAPTCHA tests in just a few attempts, allowing it to create malicious email accounts used for spamming and propagating the virus.

 
Security firm M86 Security has discovered hundreds of WordPress websites compromised by Phoenix.


 
DMARC creates an authentication loop that could help people determine the legitimacy of an email.

 
More than a dozen malicious Android applications on the Android Market contain a hidden Trojan that can steal information, download more files and display advertisements on the device.


 
Malicious webpages masquerading as browser updates are being used by attackers as launch pads for Trojan viruses and exploit kits.

 
Mobile application supports Android smartphones and tablets with virus scanning and protection from Web threats and SMS attacks.

 
Companies are spending more time investigating the source of data breaches and their impacts to reduce expenses, says a survey.

 
Source code theft from Symantec's systems in 2006 places pcAnywhere software at risk of being attacked. Company says software is bundled with many of its products.

 
Beta version of IBM Endpoint Manager for Mobile Devices supports Apple iOS, Google Android, Symbian and Microsoft Windows Phone devices.


 
Overview

Can't find that one ISC diary, about that one thing, that one time...last week or even a couple years ago? We recently enhanced the diary tag search functions on the site. We added a more granular search to the terms being queried in order to return more related results. The integrated Google search is unchanged.



What to search

Search String: The system will display links to Diary Tag matches and also list Google integrated search results.
Port Number: The system will recognize a valid port and forward you directly to the Port Information page.
IP: (ipv4 only at the moment) The system will recognize a valid IP and forward you directly to the IP Information page.



Where to Search

The most visible search box is always at the top of the right column.
The footer has a search box below the Diary Archives list.
Search directly on the ISC search page https://isc.sans.edu/search.html



Post suggestions or comments in the section below or send us any questions or comments in the contact form https://isc.sans.edu/contact.html



--

Adam Swanger, Web Developer (GWEB)

Internet Storm Center (http://isc.sans.edu)
 
Facebook today is expected to file plans for its initial public offering -- which IT and financial analysts say could be one of the biggest IPOs in U.S. history.
 
Spending on microchips used in smartphones, tablets and related wireless devices surpassed spending on chips for computers in 2011, according to IHS, formerly iSuppli.
 
Multiple vulnerabilities in OpenEMR
 
Security advisory for Bugzilla 4.2rc2, 4.0.4, 3.6.8 and 3.4.14
 
 
SmokePing 'displaymode' Parameter Cross Site Scripting Vulnerability
 
802.1X password exploit on many HTC Android devices
 
ESA-2012-009: EMC Documentum Content Server privilege elevation vulnerability
 
A botnet that was crippled by Microsoft and Kaspersky Lab last September is spamming once again and experts have no recourse to stop it.
 
Riverbed Technology plans to make enterprise data centers look like local storage at branch offices with Granite, a new accelerator technology the company is announcing on Wednesday.
 
The browser world turned upside down last month as Internet Explorer's share jumped by its largest-ever increase and Chrome posted its biggest one-month loss, Net Applications said today.
 
Research in Motion's incipient BlackBerry 10 smartphone, code-named London, has a thin and long design, according to a photo obtained by CrackBerry.com.
 
[Announce] Apache HTTP Server 2.2.22 Released
 

For 'Malware as a Service' merchants, business is booming
CSO
"The life cycle of (malware) products is the most amazing aspect," writes Pierluigi Paganini, a certified ethical hacker and founder of Security Affairs in Italy, in an article posted this past week on Infosec Island. "From design to release to ...

 
An Australian company plans to offer a system to check how alert drivers are by monitoring their brainwaves ...
 
So you've decided to get Netflix. Smart move: Even with last year's notorious price hikes, the company's Unlimited Streaming service is a ridiculously good deal at $7.99 per month. You get commercial-free movies and TV shows, with no limits on viewing, streamed to just about any device you prefer--smartphone, tablet, game console, set-top box, and so on.
 
There's the printer you want and the printer you can afford. Where do your budget and your needs meet? To help you decide, we've selected the best models at or around four major price thresholds: $150, $300, $500, and $750.
 
VMTurbo has upgraded its operations management suite to support the three major virtual environments and to improve its capacity-planning tool.
 

Conseal Security, Experts in Mobile Data Protection, to Attend Infosecurity ...
Your-Story.org (press release)
At InfoSec this year, Conseal will be announcing a significant new version of its flagship product, which allows administrators unprecedented levels of control over their company's data, even after it has left their hands. Via Stand K76, Conseal will ...

 
Sony's new CEO faces a myriad of problems -- stemming massive losses, snatching the momentum back from deep-pocketed rivals, unifying his firm's diffuse businesses across the globe -- but one of his main priorities is your living room.
 
Google's changes to its privacy policy should have been expected. It's what any corporation intent on maximizing value would do. But does that make it right?
 
RhinoSoft Serv-U Web Client HTTP Request Remote Buffer Overflow Vulnerability
 
 
Sony said executive Kazuo Hirai, who runs the company's core consumer products division, will be promoted to CEO and president.
 
Sprint Nextel has given LightSquared about six more weeks to win regulatory approval for its proposed cellular data network, extending a $9 billion deal under which LightSquared would operate on Sprint infrastructure.
 
Drive eRazer Ultra can wipe your hard drives in a variety of ways to make sure that any data that resided on them is completely and unalterably gone.
 
Whether it's a 'teaching moment' or a system that provides more efficient ticket tracking, the help desk is getting a much-needed assist in some shops.
 
Seagate Technology said the supply of hard disk drives this year will continue to fall short of demand, leading large customers to look to long-term agreements to ensure supply after devastating floods in Thailand.
 
The Swedish Supreme Court will not hear an appeal from the founders of The Pirate Bay against prison sentences and fines imposed by the Swedish Court of Appeals, the court said on Wednesday.
 
WordPress Theme Tuner Plugin 'tt-abspath' Parameter Remote File Include Vulnerability
 
OpenNMS HTML Injection Vulnerability
 
Acidcat ASP CMS Multiple Cross Site Scripting Vulnerabilities
 
The 5.3-in. Samsung Galaxy Note is called a smartphone, but its touchscreen and integrated S Pen stylus for drawing and taking notes elevate it into a somewhat harder-to-define category.
 
Support Incident Tracker (SiT!) Multiple Input Validation Vulnerabilities
 
Support Incident Tracker Multiple SQL Injection Vulnerabilities
 
Schneider Electric Modicon Quantum Multiple Security Vulnerabilities
 

Posted by InfoSec News on Feb 01

http://blogs.csoonline.com/security-leadership/2008/bsidessf-show-will-go

By Bill Brenner
Salted Hash
CSO Online
January 31, 2012

BSidesSF has been saved, thanks to a financial commitment from Lee
Kushner (@ljkush) at Information Security Leaders.

The announcement came shortly after Sandra Toms LePedis of RSA
Conference responded to the controversy about BSidesSF. Her post began
with the standard "RSA supports a wide ecosystem of...
 

Posted by InfoSec News on Feb 01

http://www.wired.com/threatlevel/2012/01/carder-sex-gang/

By Kim Zetter
Threat Level
Wired.com
January 31, 2012

The mastermind of a carding gang in Georgia devised a novel way for
weeding out undercover Feds from his operation -- he forced members to
have group sex, according to a local police detective who helped bust
the ring.

Vikas Yadav, an Indian national who was deported in 2010, recruited
other carders and mules through...
 

Posted by InfoSec News on Feb 01

http://www.darkreading.com/advanced-threats/167901091/security/vulnerabilities/232500808/researchers-postpone-release-of-free-smart-meter-security-testing-tool.html

By Kelly Jackson Higgins
Dark Reading
Jan 31, 2012

Smart grid researchers pulled their talk and planned release of a new
security assessment tool for smart grid meters during the ShmooCon
conference after a vendor voiced concerns about the research.

Don Weber, a senior security...
 

Posted by InfoSec News on Feb 01

http://www.nextgov.com/nextgov/ng_20120130_9449.php

By Aliya Sternstein
Nextgov
01/30/2012

Most government employees do not consider their usernames and passwords
to be hot commodities, but that attitude began to change with a network
attack on security contractor HBGary Federal. In early 2011, members of
the hacker activist group Anonymous leaked an executive's email
exchanges with FBI, Homeland Security Department and other...
 

Posted by InfoSec News on Feb 01

http://www.pittsburghlive.com/x/pittsburghtrib/business/s_779346.html

By Lou Kilzer
PITTSBURGH TRIBUNE-REVIEW
February 1, 2012

One of the companies spun off from Motorola Inc. last year has settled a
lawsuit with a company the former U.S. electronics giant accused of
intellectual property theft involving China.

Motorola Solutions Inc. and Lemko Corp. said on Tuesday that all issues
between the two companies -- both based in Schaumburg, Ill....
 
LuraWave JP2 Browser Plug-In 'npjp2.dll' Buffer Overflow Vulnerability
 
Mozilla Firefox/Thunderbird/SeaMonkey nsDOMAttribute Use After Free Memory Corruption Vulnerability
 
Mozilla Firefox/SeaMonkey/Thunderbird XSLT Stylesheets Denial of Service Vulnerability
 
Mozilla Firefox/Thunderbird/Seamonkey Multiple Memory Corruption Vulnerabilities
 
Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
 
Internet Storm Center Infocon Status