Hackin9
Xen Page Reference Counting CVE-2013-1432 Denial of Service Vulnerability
 
Adobe Acrobat and Reader CVE-2013-0622 Remote Security Bypass Vulnerability
 
Adobe Acrobat and Reader CVE-2013-0616 Unspecified Memory Corruption Vulnerability
 
Adobe Acrobat and Reader CVE-2013-0614 Remote Code Execution Vulnerability
 
Game maker Ubisoft said on Tuesday an account database was breached due to unauthorized access of one of its websites, revealing users' personal information.
 
A plane carrying Bolivian President Evo Morales was reportedly forced to make an unscheduled stop in Austria after France and Portugal denied it passage through their airspace, on the belief that document leaker Edward Snowden was on board.
 
Police in some U.S. cities will have a high-tech advantage this July 4 in their battle to deter and detect those who celebrate the country's birthday by firing bullets into the air.
 

Walden University's Information Security Courses Receive NSA/CNSS National ...
Wall Street Journal
The nationally recognized certification indicates that students completing these courses will possess a working knowledge of INFOSEC principles and practices; an understanding of the threats and vulnerabilities of national security information systems ...

 
In yet another mobile acquisition, Yahoo has acquired Qwiki, a New York City company that makes an app for turning photos and videos into short, edited movies.
 
Apple QuickTime CVE-2013-1018 Buffer Overflow Vulnerability
 
Apple QuickTime CVE-2013-1019 Buffer Overflow Vulnerability
 
Apple QuickTime CVE-2013-1022 Buffer Overflow Vulnerability
 
libvirt CVE-2013-1962 Remote Denial of Service Vulnerability
 
 
WordPress CVE-2013-2204 Content Spoofing Vulnerability
 
WordPress CVE-2013-2201 Multiple Cross Site Scripting Vulnerabilities
 
As part of its efforts to develop a voluntary framework to improve cybersecurity in the nation's critical infrastructure, the National Institute of Standards and Technology (NIST) has posted a draft outline of the document to invite ...
 
The U.S. Federal Communications Commission has approved for public use a Google database that shows so-called spectrum white spaces available for mobile broadband devices.
 
Google Glass may be a new and innovative product with the potential to change the world, but one thing that won't change because of Glass is the search giant's unified privacy policy.
 
Opera Software on Monday released a final version of Opera 15, the first of its desktop browsers to rely on the open-source Chromium engine.
 
PECL radius 'radius_get_vendor_attr()' Function Remote Denial of Service Vulnerability
 
With millions of people tweeting about their jobs, politicians, celebrities and even their favorite sandwich, it's easy to tweet without thinking or tweet in anger. Those thoughtless tweets can offend some and stir up an online hornet's nest.
 
Former Booz Allen Hamilton employee-turned-fugitive document leaker Edward Snowden has withdrawn his request for political asylum in Russia as his options for shelter in other countries appear to be dwindling.
 
AutoTrace 'input-bmp.c' Stack Based Buffer Overflow Vulnerability
 
Google's Reader is now officially dead, but the company wants to make users' transition to other content aggregators as painless as possible, partly by keeping their data available for the next couple weeks.
 
I'm a big fan of the Olloclip 3-in-one Photo Lens package (about $70), which gives iPhone users three different lenses (fisheye, macro and wide angle) for taking additional styles of photos. The system is very easy to use - the lenses snap onto the outside of your phone's regular camera lens very quickly.
 
The Electronic Frontier Foundation (EFF) and a team of legal experts have called on the U.S. Court of Appeals to free Andrew Auernheimer, a computer hacker recently sentenced to 41 months in prison for illegally accessing data from AT&T's networks.
 
 
An unmanned Russian rocket carrying three satellites suddenly stalled 17 seconds after liftoff and fell back to Earth where it exploded in a fiery crash.
 
Apple today kicked off its annual back-to-school promotion, reprising a deal that will award gift cards to customers who buy qualifying hardware.
 
With massive amounts of data, low latency, hundreds of connection points and no margin for error, financial trading is grown-up IT. Liquidnet does it in more than 40 markets with a staff of just 300. Here's how the company makes it work.
 
A large coalition of civil rights and privacy groups and potentially thousands of websites will stage protests on the Fourth of July to protest surveillance programs at the U.S. National Security Agency.
 
Microsoft has updated the mobile version of its OneNote note-taking application for iPads, iPhones and Android devices, creating a consistent look for notes across all computers, smartphones and tablets on which they're viewed.
 
The Large Hadron Collider is currently undergoing some major upgrading, which will bring scientists closer than ever before to the secrets of the universe when the particle accelerator is up and running again in 2015.
 
At least some of the data traffic passing through the German internet exchange point DE-CIX is diverted to German intelligence and other agencies. Foreign agencies apparently do not have access, however.
    


 
libvirt 'virConnectListAllInterfaces' Method Denial of Service Vulnerability
 
[ MDVSA-2013:191 ] fail2ban
 
RealPlayer Resource Exhaustion Vulnerability
 
[ MDVSA-2013:190 ] autotrace
 
WordPress category-grid-view-galler plugin Cross-Site Scripting Vulnerabilities
 

In Their Own Words : Tenable Network Security CEO Ron Gula
Forbes
I have no problem speaking to rooms full of 1000 infosec people or the media, but doing a spinning back kick in front of a few bystanders was actually more stressful for me.” When it comes to the major events and inventions of this era, Ron feels that ...

 
There are many ways to connect with customers, but which ways are the most effective? Business owners and managers as well as customer relationship experts share their tips on how and where to best engage with existing and prospective customers.
 
LinuxSecurity.com: Updated autotrace package fixes security vulnerability: Stack-based buffer overflow in bmp parser (CVE-2013-1953). Updated autotrace package corrects the issue. [More...]
 
LinuxSecurity.com: Updated wordpress package fixes security vulnerabilities: A denial of service flaw was found in the way WordPress, a blog tool and publishing platform, performed hash computation when checking passwords for password-protected blog posts. A remote attacker could [More...]
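The teaser above is cut off before it says what the attacker controls. The flaw is that the password-protected-post cookie carries a phpass-style portable hash, and in that format the iteration count is encoded in the hash string itself (the character after "$P$" is log2 of the MD5 round count), so a forged cookie can demand up to 2^30 rounds per request. The Python below is an added example, not WordPress or phpass code: it ports the portable-hash routine, shows the pre-fix check that takes the cost from the client, and the post-fix shape that refuses any cookie not carrying the server's own cost prefix before doing any hashing. The salt and passwords are constructed for the demo; the function and constant names are this example's own.

```python
import hashlib

# phpass's alphabet; the character after "$P$" indexes it to give log2(iterations).
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

# WordPress writes its portable hashes with cost character "B" (2**13 = 8192 MD5 rounds).
SERVER_COST_CHAR = "B"
SERVER_PREFIX = "$P$" + SERVER_COST_CHAR


def _encode64(raw: bytes) -> str:
    """phpass's private base64 variant (little-endian 3-byte groups, not RFC 4648)."""
    out = []
    i, n = 0, len(raw)
    while i < n:
        value = raw[i]
        i += 1
        out.append(ITOA64[value & 0x3F])
        if i < n:
            value |= raw[i] << 8
        out.append(ITOA64[(value >> 6) & 0x3F])
        if i >= n:
            break
        i += 1
        if i < n:
            value |= raw[i] << 16
        out.append(ITOA64[(value >> 12) & 0x3F])
        if i >= n:
            break
        i += 1
        out.append(ITOA64[(value >> 18) & 0x3F])
    return "".join(out)


def rounds_for(setting: str) -> int:
    """Iteration count a portable phpass hash string demands, or 0 if malformed."""
    if len(setting) < 12 or not setting.startswith("$P$"):
        return 0
    count_log2 = ITOA64.find(setting[3])
    if count_log2 < 7 or count_log2 > 30:   # phpass's own bounds still allow 2**30
        return 0
    return 1 << count_log2


def phpass_crypt(password: str, setting: str) -> str:
    """Port of phpass crypt_private(): the work factor is read from the setting string."""
    count = rounds_for(setting)
    salt = setting[4:12]
    if count == 0 or len(salt) != 8:
        return "*0"
    pw = password.encode()
    h = hashlib.md5(salt.encode() + pw).digest()
    for _ in range(count):
        h = hashlib.md5(h + pw).digest()
    return setting[:12] + _encode64(h)


def make_post_password_cookie(password: str, salt: str) -> str:
    """What the server sets in the wp-postpass_* cookie: a $P$B hash of the post password."""
    return phpass_crypt(password, SERVER_PREFIX + salt)


def check_vulnerable(post_password: str, cookie_hash: str) -> bool:
    """Pre-fix shape: the cookie value goes straight to the verifier, so the client picks the cost."""
    result = phpass_crypt(post_password, cookie_hash)
    return result[0] != "*" and result == cookie_hash


def check_hardened(post_password: str, cookie_hash: str) -> bool:
    """Post-fix shape: reject anything that is not a server-cost hash before any hashing happens."""
    if len(cookie_hash) != 34 or not cookie_hash.startswith(SERVER_PREFIX):
        return False
    result = phpass_crypt(post_password, cookie_hash)
    return result[0] != "*" and result == cookie_hash


if __name__ == "__main__":
    salt = "abcdefgh"  # constructed for the demo; a real server draws this from a CSPRNG
    good = make_post_password_cookie("hunter2", salt)
    print(good, check_hardened("hunter2", good))
    # Forged cookie with the same layout but cost character "S": 2**30 rounds of MD5.
    forged = "$P$S" + salt + "A" * 22
    print(rounds_for(forged), "rounds would run through check_vulnerable()")
    print(check_hardened("hunter2", forged))  # rejected without hashing
```

The lesson generalises past WordPress: a verifier must never take its work factor from data the client supplies; pin it to the cost the server itself used, and check that before the expensive call.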
 
LinuxSecurity.com: Updated otrs package fixes security vulnerabilities: An attacker with a valid agent login could manipulate URLs in the ticket watch mechanism to see contents of tickets they are not permitted to see (CVE-2013-3551, CVE-2013-4088). [More...]
 
LinuxSecurity.com: Updated apache-mod_security packages fix security vulnerability: When ModSecurity receives a request body with a size bigger than the value set by the SecRequestBodyInMemoryLimit and with a Content-Type that has no request body processor mapped to it, ModSecurity will [More...]
 
LinuxSecurity.com: libcurl could be made to crash or run programs as your login if it received specially crafted input.
 
LinuxSecurity.com: Updated fail2ban packages fix CVE-2013-2178. Krzysztof Katowicz-Kowalewski discovered a vulnerability in Fail2ban, a log monitoring system which can react to attacks by blocking hosts from connecting to specified services using the local firewall. [More...]
 
WordPress 'SWFUpload' Library CVE-2013-2205 Multiple Cross Site Scripting Vulnerabilities
 
WordPress CVE-2013-2200 Privilege Escalation Vulnerability
 
[ MDVSA-2013:188 ] otrs
 
WordPress feed plugin Sql Injection
 
[ MDVSA-2013:187 ] apache-mod_security
 
WordPress CVE-2013-2199 Unspecified Security Vulnerability
 

ISACA head: Retrain military personnel to work in information security
SC Magazine UK
Terry Neal, CEO of training firm Infosec Skills, agreed that more work should be done with former military intelligence officers as they have transferable skills that are relevant, for example dealing with obstacles and crises, attention to visual ...

 
Part of a secret document published by The Guardian detailing "Dropmire," a program that reportedly spied on encrypted faxes sent to the European Union's Washington, DC, mission.
The Guardian

US intelligence services implanted bugging tools into cryptographic facsimile devices to intercept secret communications sent or received by the European Union's Washington, DC outpost, according to the latest leak from former National Security Agency staffer Edward Snowden. Technical details are scarce, but security experts reading between the lines say the program probably relies on an old-school style of espionage that parses electric currents, acoustic vibrations, and other subtle types of energy to reveal the contents of encrypted communications.

The bugging method was codenamed Dropmire, and it appears to rely on a device being "implanted on the Cryptofax at the EU embassy, DC," according to a 2007 document partially published Sunday by The Guardian. An image included in the document, presumably taken from a transmission traveling over a targeted device, showed highly distorted text that can just barely be read by the human eye as the letters "EC" followed by "NCN." The fax device was used to send cables between foreign affairs ministries and European capitals, according to Sunday's report.

The ability to approximate the plaintext message but not capture it as it appeared when fully decrypted likely means Dropmire didn't crack the precise algorithm or key used to encrypt the message. That—along with the detail about something being "implanted" in the fax device—has led to speculation that the program monitored electrical, mechanical, or acoustical energy emanating from the device to deduce clues about the plaintext messages being received. Such techniques fall under the umbrella term Tempest, which was coined more than three decades ago as an NSA tactic for reading sensitive communications relating to national security. More recently, Tempest has come to mean any investigation or analysis that uses so-called "compromising emanations" to reveal the contents of sensitive communications or lead to the decryption of encrypted data.


 
Microsoft is preparing to launch a new version of its Dynamics CRM software that will include improved mobile applications and integrations with Yammer, Skype and the company's MarketingPilot marketing automation software.
 
Gartner has lowered its expectations for growth this year in global IT spending, saying it will rise 2% to $3.7 trillion. Earlier this year, the analyst firm predicted 2013 growth of 4.1%.
 
TYPO3 Accessible browse results for indexed Extension Unspecified Cross Site Scripting Vulnerability
 
Typo3 News system ('news') Extension Unspecified SQL Injection Vulnerability
 
For the latest update of Oracle Enterprise Manager, the company has taken additional steps to help organizations set up their own private clouds, using Oracle systems, software and even non-Oracle products.
 
A 30-year-old Bulgarian was extradited to the U.S. from Paraguay in order to face charges related to his alleged involvement in Shadowcrew, a large cybercrime forum that was dismantled by U.S. authorities in 2004.
 

SANS Brings World-Class Information Security Training to Las Vegas
IT Business Net
SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; and it operates the Internet's early warning system - the Internet Storm Center. At the heart of SANS are the many security ...

 
India launched the first of seven navigation satellites intended to deliver a regional positioning system on Tuesday. The system will be similar to the Global Positioning System owned by the U.S.
 
Scientists from around the world have been scanning the heavens for other habitable planets to find an answer to the age-old question: Are we alone in the universe?
 
Multiple HP Products CVE-2013-2341 Unspecified Security Vulnerability
 
Apple has filed for the 'iWatch' trademark in two more countries - Mexico and Taiwan, signaling that the company could be preparing to launch a smart watch.
 
A U.S. man prosecuted for exposing a weakness in how AT&T handled the personal data of its iPad users filed an appeal on Monday of his conviction and 41-month sentence.
 
Although the preview of Windows 8.1 fixes some of the problems users complained about in the previous version of the OS, is it enough? We take a close look at Microsoft's update.
 
Amazon.com's Kindle e-reader has dominated the competition in Japan since its launch last year, according to new research, showing the company's low pricing and powerful brand may have overcome its late entrance into the market.
 
An incomplete fix for a problem from 2012 has Atlassian patching its Crowd single sign-on software in the wake of a third-party advisory; the same advisory describes an unpatched vulnerability, but the company says it cannot substantiate that claim.
    


 
HP LeftHand Virtual SAN Appliance CVE-2013-2343 Remote Arbitrary Code Execution Vulnerability
 

Anti-virus products should pack a punch
SC Magazine UK
To illustrate this issue, we carried out an exercise for Infosec 2013. Two weeks before the show, we packed and uploaded a new malware sample to VirusTotal. No surprise: none detected it, as it was brand new. Two weeks later, only four vendors detected it.

 

SC Interview: Amar Singh, CISO at News International
SC Magazine UK
Terry Neal, CEO of training firm Infosec Skills, agrees and says that more work should be done with former military intelligence officers as they have transferable skills that are relevant. For example, they are adept at dealing with obstacles and ...

 

Fun in the sun at April's infosec events
SC Magazine UK
We are always spoilt in April with not only Infosec, but 44Cafe and BSides London too – and this year was another corker. Traditionally, April is the month of the 'unholy trinity': 44Cafe, BSides London and Infosec. As you might expect, I was at all ...

 

Professional monitor in association with (ISC)2: Understanding the impact of ...
SC Magazine UK
With businesses actively embracing the cloud, there is a need for new skills to enable infosec professionals to deal with technology in a virtual context. “The change from traditional IT to a cloud computing environment is significant because of the ...

 
Multiple RSA Products SecurID CVE-2013-0941 Local Information Disclosure Vulnerability
 
Apache Geronimo RMI Classloader Security Bypass Vulnerability
 
Linksys EA - 2700, 3500, 4200, 4500 w/ Lighttpd 1.4.28 Unauthenticated Remote Administration Access
 
Re: joomla com_football Components Sql Injection vulnerability
 
[CVE-2013-4695] WinAmp v5.63 gen_ff.dll links.xml Value Parsing Invalid Pointer Dereference
 
[CVE-2013-4694] WinAmp v5.63 gen_jumpex.dll and ml_local.dll Multiple Buffer Overflows
 
Alcatel-Lucent and Telekom Austria have completed the world's first trial of G.fast, new technology enabling gigabit broadband over existing copper networks.
 
Apple gave notice Monday that it's appealing a $368 million award granted to patent holding company VirnetX by a federal court in Texas.
 

Posted by InfoSec News on Jul 02

http://www.infosecnews.org/isc2-foundation-offers-scholarships-for-us-military-veterans-to-become-security-professionals/

By William Knowles
Senior Editor
InfoSec News
July 2, 2013

The U.S.A. Cyber Warrior Scholarship, presented in a partnership between
(ISC)2 Foundation and Booz Allen Hamilton, provides underwriting for
training, textbooks, phone application-enabled study materials,
certification testing and placement of qualified...
 

Posted by InfoSec News on Jul 02

https://www.computerworld.com/s/article/9240473/Vulnerabilities_found_in_code_library_used_by_encrypted_phone_call_apps

By Lucian Constantin
IDG News Service
July 1, 2013

ZRTPCPP, an open-source library that's used by several applications
offering end-to-end encrypted phone calls, contained three vulnerabilities
that could have enabled arbitrary code execution and denial-of-service
attacks, according to researchers from security firm...
 

Posted by InfoSec News on Jul 02

http://www.bankinfosecurity.com/interviews/preparing-for-cyber-patent-disputes-i-2002

By Tracy Kitten
Bank Info Security
July 1, 2013

Patent infringement lawsuits that involve security practices are becoming
more common in heavily-regulated industries. Organizations need to take
several steps to be well-prepared, advises patent attorney James Denaro.

Increasingly, claims of patent infringement are targeting technology and
software, says...
 

Posted by InfoSec News on Jul 02

http://www.nextgov.com/cybersecurity/2013/07/defense-spent-millions-counter-insider-threats-after-wikileaks-fiasco/65843/

By Aliya Sternstein
Nextgov.com
July 1, 2013

Since 2010, when Pfc. Bradley Manning allegedly downloaded classified
files from military networks and leaked them to the anti-secrecy website
WikiLeaks, the Pentagon has paid millions of dollars for technology
designed to protect networks against insiders intent on leaking...
 

Posted by InfoSec News on Jul 02

http://www.wired.com/threatlevel/2013/07/bulgarian-shadowcrew-arrest/

By Kim Zetter
Threat Level
Wired.com
07.01.13

Nine years after the Shadowcrew carding forum was shuttered in a Secret
Service sting operation, a Bulgarian accused of carding activities has
been brought to the U.S. to face charges after nearly a decade on the lam.

Aleksi Kolarov, 30, was charged in 2004 in connection with an identity
theft ring accused of trafficking in...
 