Information Security News
Researchers have released technical details and attack code for 30 security issues affecting Oracle's Java Cloud Service. Some of the issues make it possible for attackers to read or modify users' sensitive data or to execute malicious code, the researchers warned.
Poland-based Security Explorations typically withholds such public airings until after any vulnerabilities have been fixed to prevent them from being exploited maliciously. The researchers broke from that tradition this week after Oracle representatives failed to resolve issues including bypasses of the Java security sandbox, bypasses of Java whitelisting rules, the use of shared WebLogic server administrator passwords, and the availability of plain-text user passwords stored in some systems.
"The company openly admits it cannot promise whether it will be communicating resolution of security vulnerabilities affecting their cloud data centers in the future," Adam Gowdiak, CEO of Security Explorations, said. The security research firm is the same one that has discovered a host of extremely severe vulnerabilities in Oracle's Java software framework, some of which have been exploited in the wild to surreptitiously install malware on end-user computers.
First Info Sec highlights cutting edge next-gen secure mobility solutions at ...
First Information Security (First Info Sec), a company dedicated to offering a comprehensive range of security products and services that are in compliance with the latest international industry standard requirements, is highlighting its latest range ...
The past few days have revealed new data that suggests the recent upsurge in malware targeting routers—as Ars has chronicled here, here, and here—is not only continuing, but it's spreading to digital video recorders (DVRs).
Exhibit A came Monday from researchers at security training institute Sans, which unearthed a Bitcoin-mining trojan that has infected DVRs. The researchers found the infection while researching the source of an automated script they observed scanning the Internet for data storage devices made by Synology. The researchers eventually found that the bot ran on a DVR with an ARM processor but didn't know much else. They later determined it was part of a Bitcoin miner that took control of DVRs used to record video from security cameras, most likely by exploiting an exposed telnet port and a default root password of "12345." Samples of the malware are here. The password to access the binaries is "infected."
On Tuesday, Sans researchers uncovered evidence that the binaries can also infect routers, even when they're configured to provide network address translation (NAT), which can help lock down the security of devices on a network.
SnoopWall Unveiling Next Generation Privacy Solution for Android Devices at ...
Virtual-Strategy Magazine (press release)
The InfoSec World Expo brings together the latest advances in technology and the most innovative solutions businesses need to secure their information assets. Specialized workshops and discussion platforms are aimed to provide the professionals and ...
Miss Teen USA Promoting Privacy at InfoSec World 2014
PR Web (press release)
“As SnoopWall strongly shares my mission to educate the public about online privacy, I'm happy to support and join them at the InfoSec World conference to call attention to this growing issue.” “SnoopWall is honored to have the support of Miss Teen USA ...
-Kevin
-- ISC Handler on Duty
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.