UGA warns public to be wary of holiday scams
Online Athens
The IRS also has the exempt organizations list available online to research before donating to a charity. The Office of Information Security at UGA has more information on identity theft and phishing scams available at infosec.uga.edu.

and more »
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
CareerCloud's app tracks what it calls "hidden jobs leads" -- public tidbits of information that hint a company may soon be hiring.
HealthCare.gov, the U.S. government's insurance-shopping website, had to deploy a user queuing feature Monday because of heavy traffic, just days after the U.S. Department of Health and Human Services announced the troubled site was working well for a majority of users.
Intel's open-source Galileo computer aimed at hardware hackers and the do-it-yourself crowd has started shipping to distributors and will be available to the public in two weeks.

IT Business Edge

Thirteen Exciting Security Startups to Watch
IT Business Edge
Over and over, we see security startups with clever technologies thrive, grow and then get purchased by one of a handful of Infosec giants - only to be replaced by the next bunch of innovative security startups. In the last few months alone McAfee ...

U.S. regulators have given the green light to Microsoft's acquisition of Nokia's handset business, moving the deal a major step closer to wrapping up.
Since Comet ISON's tumultuous close approach to the sun on Thursday, scientists have been working to determine whether it still exists or is now nothing more than dust.
China on Monday launched a lunar probe carrying an exploration rover in what is expected to be the nation's first soft-landing on an extraterrestrial body.
EMC Document Sciences xPression CVE-2013-6177 Unspecified Directory Traversal Vulnerability
EMC Document Sciences xPression CVE-2013-6175 Multiple HTML Injection Vulnerabilities
EMC Document Sciences xPression CVE-2013-6174 Unspecified Open Redirection Vulnerability
librsvg XML External Entities CVE-2013-1881 Information Disclosure Vulnerability
Latest Hewlett-Packard Android tablets with multiple screen sizes are available at company's website.
Apple's discounts of the iPad Air and first-generation iPad Mini were "very aggressive," a retail analyst said today, and were aimed at scooping up as much U.S. tablet market share as possible.
Topology of a covert mesh network that connects air-gapped computers to the Internet.

Computer scientists have developed malware that uses inaudible audio signals to communicate, a capability that allows the malware to covertly transmit keystrokes and other sensitive data even when infected machines have no network connection.

The proof-of-concept software—or malicious trojans that adopt the same high-frequency communication methods—could prove especially adept in penetrating highly sensitive environments that routinely place an "air gap" between computers and the outside world. Using nothing more than the built-in microphones and speakers of standard computers, the researchers were able to transmit passwords and other small amounts of data from distances of almost 65 feet. The software can transfer data at much greater distances by employing an acoustical mesh network made up of attacker-controlled devices that repeat the audio signals.

The researchers, from Germany's Fraunhofer Institute for Communication, Information Processing, and Ergonomics, recently disclosed their findings in a paper published in the Journal of Communications. It came a few weeks after a security researcher said his computers were infected with a mysterious piece of malware that used high-frequency transmissions to jump air gaps. The new research neither confirms nor disproves Dragos Ruiu's claims of the so-called badBIOS infections, but it does show that high-frequency networking is easily within the grasp of today's malware.

Read 6 remaining paragraphs | Comments



Your iPhone as an attack vector and other coming attractions
SC Magazine
This may lead to greater collaboration between infosec teams and HR departments. Related Articles. Biometrics alternatives coming next year. Related Topics. Reboot 2013 · Threats. Please enable JavaScript to view the comments powered by Disqus. close ...

Yahoo has acquired SkyPhrase, a natural language processing startup, in a move that could improve Yahoo's ability to make sense of user queries and commands across any number of Yahoo products.
Latest Hewlett-Packard Android tablets with multiple screen sizes are available at company's website.
The Bureau of Labor Statistics paints a dark picture of the IT job market, but theres a bright spot -- CIOs are hiring more skilled IT contractors.
Three and a half years after the launch of the original Apple iPad, with so many tablets choices available, the personal devices have had to constantly boost their quality and features to stand out from the crowd. With so many great options, what tablet tops your wish list this holiday season?
Multiple Vendors 'RuntimeDiagnosticPing()' Stack Buffer Overflow Vulnerability
HP Service Manager and ServiceCenter CVE-2013-4844 Unspecified Remote Code Execution Vulnerability

Akamai buys DDoS mitigation provider Prolexic in $370 million deal
Mike Rothman, president and analyst with Phoenix-based information security advisory firm Securosis LLC, said that Akamai's recent attempts to enter the infosec market have yielded mixed results. Prolexic's approach to DDoS mitigation might be the best ...

and more »
U.S. regulators have given the green light to Microsoft's acquisition of Nokia's handset business, moving the deal a major step closer to wrapping up.
Photo Transfer Wifi 1.4.4 iOS - Multiple Web Vulnerabilities
Protecting yourself against phishing attacks used to be relatively easy. Don't download unexpected attachments. Visit banking websites directly instead of clicking on links in an email. And look for bad grammar.
WorldCIST'14 - Submission deadline: December 7
[SECURITY] [DSA 2807-1] links2 security update

UGA warns public to be wary of holiday scams
Online Athens
The IRS also has the exempt organizations list available online to research before donating to a charity. The Office of Information Security at UGA has more information on identity theft and phishing scams available at infosec.uga.edu.

Apple's Mavericks operating system set the OS X early-adoption record last month, with a third of all Macs running the new edition within weeks of its introduction.
[security bulletin] HPSBGN02942 rev.2 - HP Service Manager and ServiceCenter, Remote Code Execution


Thank you to all who reported! Reports are that SSH based attacks are increasing. We will continue to monitor!


We have a report of a much greater than the normal noise of SSH based attacks. Anyone else seeing this?

Richard Porter

@packetalien || rporter at isc dot sans dot edu

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
UnrealIRCd Unspecified Multiple Denial of Service Vulnerabilities
Content delivery services provider Akamai Technologies plans to buy Prolexic Technologies, a distributed denial-of-service (DDoS) mitigation specialist, for $370 million in cash.
Google Glass ranks among the most anticipated of wearable technologies. But a pair of glasses with a small computer screen above one eye is bound to raise concerns about security, privacy, and even the health and safety of the person wearing it.
Nearly half of all contact centers consistently collect and report on metrics that they never use to improve the customer experience, according to a new survey.
International travel can require some pretty strong security measures if your devices contain sensitive information.
Despite production problems, Dutch company Fairphone is getting ready to ship the first batch of its green smartphones, which have been developed with as much conflict-free materials as possible.
VMware's latest salvo in its virtualization war with Microsoft is vSphere 5.5, which features a host of improvements, the most interesting being high availability, support for Big Data/Hadoop and improved storage and backup.
Windows 8's uptake stalled in November, while the now-aging Windows 7 continued to gain ground, a Web metrics company said Sunday.

Business Technology

Keil Hubert: Focused Vision Statement
Business Technology
Nearly anyone can torpedo a project by raising the “InfoSec” issue – whether there's a legitimate concern or not. In the healthcare sector, Information Security is often viewed as an impediment to clinical operations. I interviewed a few years back ...


Campaign promotes awareness of cyber security
7thSpace Interactive (press release)
A "Be a Smart Netizen" video contest was also organised and awards were presented at today's seminar. Details about the contest and the winning entries are available at www.infosec.gov.hk/english/promotion/campaign2013_vdc.html . For details on Build a ...

ABB MicroSCADA 'wserver.exe' Remote Code Execution Vulnerability
Kingsoft Writer CVE-2013-3934 Stack Buffer Overflow Vulnerability
Amazon.com plans to deliver packages to customers using unmanned aerial vehicles in 30 minutes or less.
Acer will have to choose new leaders with expertise in tablets and brand-building to shed its reputation as a low-end seller of notebooks, analysts said.
Big data and analytics permeate virtually every move Ford makes, from forecasting the worldwide price of commodities to figuring out what exactly consumers want, what it will build, where it should source parts and how to power its lineup of vehicles.
Kimberly Stevenson, corporate vice president and CIO at Intel, shares her ideas on running an IT department, the power of technology and the importance of technologists.
True apples-to-apples comparisons require a lot of time and effort -- in other words, money.
Technology users -- retailers, in particular -- are being snared in patent infringement lawsuits, prompting Congress to eye reforms that could change how lawsuits are filed and who pays if they're frivolous.
A popular Bitcoin discussion forum warned on Monday some user passwords may have been intercepted after the site's DNS registrar was breached.
Personal coach Kelly Walsh says some initiatives with the 'work/life balance' label are actually counterproductive.
How could a tightly restricted server in finance be compromised by malware? Really, it's not that hard.
Even as he heads to the door, Ballmer is changing how Microsoft will run for years to come.

Mail & Guardian Online

High-profile speakers at 2014 Security Summit
Mail & Guardian Online
Global information security (infosec) influencers will deliver keynotes at the ITWeb Security Summit 2014, the definitive South African event for infosec professionals. Among them is Jacob Appelbaum, independent computer security researcher, hacker and ...


Posted by InfoSec News on Dec 02


By Randy Ellis
December 1, 2013

Big brother isn't the only one watching.

Little brother is, too.

A few blocks north of the state Capitol -- in a secure, heavily fortified
portion of a building constructed to withstand the force of an EF5 tornado
-- two state cyber security analysts and a network specialist sit around a
circular pod of computer...

Posted by InfoSec News on Dec 02


By KOMO Staff
Nov 30, 2013

SEATTLE -- UW Medicine officials are alerting roughly 90,000 patients that
their personal data was compromised in an October security breach.

Early last month, a UW Medicine employee opened an email attachment that
contained malicious software. The malware took control of the computer,
which happened to be...

Posted by InfoSec News on Dec 02


By Kevin Walters
The Tennessean
December 1, 2013

FRANKLIN -- Up to five Nissan North America information security employees
could also do double duty as reserve sheriff’s deputies, assisting
investigators on forensics cases as part of a first-ever arrangement
between the automaker and the Williamson County Sheriff’s Department....

Posted by InfoSec News on Dec 02


Dec. 1, 2013

ANKARA -- New technologies and solutions against cyber threats promise to
become an emerging market in Turkey, according to officials and industry

This year alone, Turkey has hosted about a dozen conferences on
cybersecurity and new technologies. The most recent one held here Nov....

Posted by InfoSec News on Dec 02

Forwarded from: "Gene Spafford's mail bot" <spaf-mail-bot (at) cerias.purdue.edu>


The CS Department at Purdue University is in the process of significant
growth spurt.  The university has authorized a major increase over the
next few years -- and that includes new faculty positions at every
academic level:  assistant, associate, and full professor.

Because of the prominent roles CS faculty play in cyber security,...

Posted by InfoSec News on Dec 02

Over the last few months I have been fielding questions from subscribers
wondering if there is any way to get complete news articles, akin to how
InfoSec News was run in the past. The reason the list only forwards four
paragraphs of a story was because of Righthaven's [1] business model and the
fear of getting sued by copyright holders. Under the advice of legal counsel,
we went with this format.


Posted by InfoSec News on Dec 02


By Staff
The Canadian Press
December 1, 2013

TORONTO - A Canadian naval engineer is accused of trying to send
classified information on Canada’s shipbuilding strategy and marine
sovereignty to the Chinese government.

Qing Quentin Huang, 53, from Waterdown, Ont., was arrested in nearby
Burlington on Saturday, just two days after...
Internet Storm Center Infocon Status