Hackin9
Apple was dealt a blow in its second major patent-infringement lawsuit against Samsung when a Silicon Valley jury awarded the iPhone maker damages of just $119.65 million for Samsung's infringement of several of its smartphone patents.
 
 

ITProPortal

Infosec survey points to rise in attacks on IT infrastructure
ITProPortal
HP conducted a survey at Infosec this week, to judge how those present felt about IT security in general – and the message is that the majority are seeing an increase in malicious activity targeting their servers. Across 150 attendees which HP talked ...

 
Qt QtGui GIF Image Handler Local Denial of Service Vulnerability
 
OpenStack python-keystoneclient CVE-2014-0105 Privilege Escalation Vulnerability
 
dpkg CVE-2014-3127 Incomplete Fix Local Directory Traversal Vulnerability
 
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2014-1524 Remote Memory Corruption Vulnerability
 
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2014-1529 Security Bypass Vulnerability
 
[security bulletin] HPSBMU02987 rev.2 - HP Universal Configuration Management Database Integration Service, Remote Code Execution
 
[security bulletin] HPSBMU03018 rev.2 - HP Software Asset Manager running OpenSSL, Remote Disclosure of Information
 
[security bulletin] HPSBST03027 rev.1 - HP StoreVirtual 4000 Storage and HP P4000 G2 Storage using HP System Management Homepage (SMH) running OpenSSL, Remote Disclosure of Information
 
[security bulletin] HPSBGN03034 rev.1 - HP OneView, Remote Elevation of Privileges
 
The Air Force announced this week that researchers with the 711th Human Performance Wing at Wright-Patterson Air Force Base in Ohio are testing Google Glass for potential battlefield use.
 
The Blu-ray disc format, once seen as a savior for the home entertainment industry, is struggling to survive under the assault of video-on-demand and downloads.
 
Twitter, LinkedIn and eBay quarterly earnings show what Internet companies are up against.
 
The U.S. and German governments remain far from an agreement on the appropriate level of surveillance by the U.S. National Security Agency on German residents, leaders of both countries said Friday.
 
The FTC can be compelled to disclose details of the data security standards it uses to pursue enforcement action against companies that suffer data breaches.
 

(Source: Mathew Schwartz)
Dark Reading
Information security professionals and technology vendors from Europe and beyond descended on London this week for the annual Infosecurity Europe conference. The topics of privacy and surveillance dominated conference presentations and panels.

 
Python Imaging Library Package Multiple Information Disclosure Vulnerabilities
 
Django CVE-2014-0473 Cross Site Request Forgery Vulnerability
 
Django CVE-2014-0474 Multiple Data Type Injection Vulnerabilities
 
[security bulletin] HPSBST03004 rev.1 - HP IBRIX X9320 Storage running OpenSSL, Remote Disclosure of Information
 
Re: [ANN][SECURITY] Struts 1 - CVE-2014-0114 -Mitigation Advice Available, Possible RCE Impact
 
[ANN][SECURITY] Struts 1 - CVE-2014-0114 -Mitigation Advice Available, Possible RCE Impact
 
[security bulletin] HPSBMU02998 rev.3 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information, Denial of Service (DoS)
 
Linux Kernel 'mlock_vma_page()' Function Denial of Service Vulnerability
 
[security bulletin] HPSBMU03028 rev.1 - HP Matrix Operating Environment and CloudSystem Matrix Software Components running OpenSSL, Remote Disclosure of Information
 
[security bulletin] HPSBMU03029 rev.1 - HP Insight Control Server Migration running OpenSSL, Remote Disclosure of Information
 
[security bulletin] HPSBMU03033 rev.1 - HP Insight Control Software Components running OpenSSL, Remote Disclosure of Information
 
Microsoft is giving the IT admin crowd an updated toolset for managing encryption with the latest release of its Desktop Optimization Pack, better known as MDOP.
 

ITProPortal

Survey finds two thirds at Infosec see increase in IT attacks
TechRadar UK
Almost two thirds of attendees at the Infosec 2014 conference in London believe that the frequency of attacks on IT infrastructure has increased over the past year, according to a new survey by HP. Of the 150 people at the event, 60 per cent noticed a ...
 

Infosec 2014: What did we learn?
Computing
What kind of bare-faced cheek caused the FBI to ask conference delegates for even more support in accessing their closely-guarded private data? And what does a noticeable reduction in large cyber security industry vendors at Infosec say about shifting ...

 
Reddit cofounder Alexis Ohanian has launched a crowdfunding campaign to let the U.S. Federal Communications Commission know, in a big and bold message, that many Internet users are not happy with the agency's new net neutrality proposal.
 
Amtelco miSecureMessages CVE-2014-0357 Unauthorized Access Vulnerability
 
Xen 'HVMOP_set_mem_type' Operation Remote Denial of Service Vulnerability
 

 
HP has been through some tough times, but it's in the midst of a turnaround that's succeeding largely because the company's head of human resources, Tracey Keogh, is making HP a great place to work once again.
 
LinuxSecurity.com: Several security issues were fixed in OpenJDK 6.
 
LinuxSecurity.com: An updated openshift-origin-broker-util package that fixes one security issue is now available for Red Hat OpenShift Enterprise 1.2.7. The Red Hat Security Response Team has rated this update as having [More...]
 
LinuxSecurity.com: An updated openshift-origin-broker-util package that fixes one security issue is now available for Red Hat OpenShift Enterprise 2.0.5. The Red Hat Security Response Team has rated this update as having [More...]
 
LinuxSecurity.com: JBIG-KIT could be made to crash or run programs if it processed a specially crafted image file.
 
LinuxSecurity.com: A malicious source package could write files outside the unpack directory.
 
LinuxSecurity.com: Several security issues were fixed in Thunderbird.
 
LinuxSecurity.com: Security Report Summary
 
LinuxSecurity.com: Updated Django packages that fix three security issues are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having Moderate [More...]
 
LinuxSecurity.com: Updated openstack-glance packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having [More...]
 
LinuxSecurity.com: Updated Django packages that fix three security issues are now available for Red Hat Enterprise Linux OpenStack Platform 3.0. The Red Hat Security Response Team has rated this update as having Moderate [More...]
 
LinuxSecurity.com: The Unity lock screen could be bypassed.
 
LinuxSecurity.com: A stack-based buffer overflow vulnerability has been found in udisks, allowing a local attacker to possibly execute arbitrary code or cause Denial of Service.
 

Tom Webb

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
3D Systems, the company that will print the modules for Google's Project Ara smartphone, is exploring conductive ink as a way to create circuitry for the devices.
 
Hewlett-Packard is selling its data center services in a new way, via a program it calls "facilities as a service," or FaaS.
 
Samsung Electronics has sent out invitations to a May 28 event in San Francisco, at which the company is expected to expand its health-related offerings.
 
Australia's customs service seized on Thursday more than 6,000 weapons that arrived in the country from China, including a batch of fake iPhones that deliver electric shocks.
 
A lawsuit filed Thursday accuses Google of strong-arming device manufacturers into making its search engine the default on Android devices, driving up the cost of those devices and hurting consumers.
 

Posted by InfoSec News on May 02

http://arstechnica.com/security/2014/05/emergency-patch-for-critical-ie-0day-throws-lifeline-to-xp-laggards-too/

By Dan Goodin
Ars Technica
May 1, 2014

Microsoft has released an emergency update for all recent Windows
operating systems—including the recently decommissioned XP—fixing a
critical security bug that is currently being exploited in real-world
attacks.

The decision to patch XP underscores the potential seriousness of the...
 

Posted by InfoSec News on May 02

http://www.starnewsonline.com/article/20140501/ARTICLES/140509973/-1/no_url?Title=Computer-server-at-UNCW-hacked-university-officials-say

By Wayne Faulkner
Star News Online
May 1, 2014

A computer server at the University of North Carolina Wilmington has been
hacked, possibly giving access to personal information of some employees
and students.

The university said Thursday that it is investigating the event, but
indicated that so far it had...
 

Posted by InfoSec News on May 02

http://www.healthcareitnews.com/news/vendor-sacked-after-HIPAA-breach-blunder

By Erin McCann
Associate Editor
Healthcare IT News
May 1, 2014

Can a subcontractor expect to keep the job after accidentally posting
protected health information of some 15,000 patients online? A Boston
teaching hospital says, 'definitely not.'

The 496-bed Boston Medical Center in Massachusetts has fired third-party
vendor MDF Transcription after...
 
If you haven't heard of Android Silver -- assuming it's real -- yet, it's because it's not been officially announced by Google.
 
The Internet of Things is likely to bring 'a major inflection point in security' sooner than you think.
 

Posted by InfoSec News on May 02

http://www.eweek.com/security/data-theft-a-major-concern-for-organizations.html

By Nathan Eddy
eWEEK.com
2014-05-01

This will not come as a surprise to most IT security people: Most
enterprises lack the tools and business intelligence to protect their
critical information in an optimal manner, according to new research
conducted by the Ponemon Institute and sponsored by Websense.

The main problems are a critical deficit of security solution...
 

Posted by InfoSec News on May 02

http://www.theregister.co.uk/2014/05/02/study_users_dont_much_care_about_heartbleed_hacking_dangers/

By Shaun Nichols
The Register
2 May 2014

Despite dire warnings from security experts and a massive public awareness
campaign, users are less aware of the Heartbleed flaw than other recent
security threats.

So say researchers with the Pew Research Center. According to a public
survey of 1,501 people conducted by the company, less than one...
 
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2014-1530 Security Bypass Vulnerability
 
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2014-1523 Out of Bounds Denial of Service Vulnerability
 
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2014-1518 Multiple Memory Corruption Vulnerabilities
 

Europe's Infosec 2014 Paints Picture of Industry in Transition
Channelnomics
LONDON — Those who braved the tube strike to attend Infosec 2014 will leave with the impression of both an event and industry in a state of flux. This is the IT security extravaganza's final year in Earls Court but this year's event was also ...

 
Internet Storm Center Infocon Status