Hackin9

InfoSec News

Consumers in the areas hardest hit by Hurricane Sandy may not get wired phone, Internet and video service back for as long as two weeks, Verizon Communications warned on Friday, while the FCC reported continued slow progress by carriers in restoring mobile coverage.
 
Oracle Solaris CVE-2012-5095 Local Security Vulnerability
 
Five years after its inception, Android is more dominant than ever in the smartphone OS market, despite facing a number of challenges along the way.
 
There's been a lot of talk from hardware vendors about 64-bit ARM servers, but without software the fledgling platform won't get very far. Several big vendors made announcements this week that show software support is on its way.
 
PgBouncer 'add_database()' Function Denial of Service Vulnerability
 

Earlier today, ISC reader Travis noticed that his proxy server was blocking some images from BusinessWeek Business Exchange (bx.businessweek.com). On closer inspection of the blocked content, he found that some files indeed had peculiar contents:





A company from Italy that sells log cabins probably cannot afford to advertise for their services on Businessweek...



The lamiabiocasa site is currently not returning any malware (at least not when we tried to investigate). A Google search for the same URL reveals though that plenty other sites are similarly affected, so this IFRAME is obviously part of an injection attack that must have been going on for a while.



On Businessweek, it is their 404 Error page that currently seems to be affected. It returns an Under Construction message that includes the nasty iframe. According to passive DNS, there are currently more than 10000 DNS domain names pointing to the one IP address that is also used by Lamiabiocasa (195.110.124.133). Chances are this aint good...




(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
In a sign of increasing anxiety anxiety there is over the use of electronic voting machines, the Republican National Committee this week alleged problems with e-voting machines in six states that use them for early voting.
 
Twitter launched an interactive map to shine a spotlight on which of the presidential candidates' tweets gain the most traction in different areas of the country.
 
Hurricane Sandy brought the tide in, literally. But the flooding in lower Manhattan had the same effect on data centers that exposed the problems and shortcomings in the system.
 
Facebook has launched an expanded privacy education campaign for new users, with the focus on default settings, user access to their own data and deciding who they share their information with.
 
Lenovo is gobbling up market share and is now neck-and-neck with Hewlett Packard for leadership in overall PC sales. For our CEO Interview Series, Chief Content Officer John Gallant talked recently with David Schmoock, President of Lenovo in North America, at IDG Enterprise's CITE conference on consumerization of IT in New York City.
 
Check Point UTM-1 Edge and Safe Multiple Security Vulnerabilities
 
Ron Knode, who passed away earlier this year, was a tireless advocate for cloud security transparency.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google
 
Security 7 Award 2012 honors seven outstanding information security pros. Find out who won this year’s Security 7 Award.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google
 
With the U.S. presidential election on Tuesday, it's fair to say that technology policy hasn't risen to the top of the agenda in the debate between President Barack Obama and Republican challenger Mitt Romney.
 
Malware continues to change at a rapid pace, as evidenced by new types of high-tech, military-grade malicious code grabbing headlines such as Stuxnet, Duqu and Flame.
 
In this edition, there's a false hacker alert, a hacker scapegoat, hacking CAPTCHAs and hacking apps on a mobile device, restyled government trojans, advice on identity and defective Wi-Fi


 
The networking specialist has detailed security vulnerabilities in its products that could be used by an unauthenticated attacker to, for example, remotely execute arbitrary commands or cause a denial-of-service


 
Until recently, a special search query returned over a million links from which it was possible to access other users' Facebook accounts without logging in. It appears that users themselves were responsible


 
The French security company claims that it has developed an exploit that bypasses the new protective features of Windows 8. Vupen doesn't plan to report the vulnerabilities to Microsoft, instead selling the exploit code to paying customers


 
LibreOffice and OpenOffice Multiple NULL Pointer Dereference Denial of Service Vulnerabilities
 
At its conference this week, Microsoft pulled out all the stops to convince developers why they should build Windows 8 apps.
 
Mozilla introduced a pre-loaded list of domains for Firefox that only can be connected to securely in order to help protect the privacy and security of users.
 
Re: [Full-disclosure] XSS, LFI and SQL Injection Vulnerabilities in Achievo
 
[security bulletin] HPSBMU02815 SSRT100715 rev.4 - HP SiteScope SOAP Security Issues, Remote Disclosure of Information, Remote Code Execution
 
[security bulletin] HPSBMU02827 SSRT100924 rev.1 - HP Performance Insight with Sybase, Remote Denial of Service (DoS) and Loss of Data
 
HP Intelligent Management Centre 'uam.exe' Stack Buffer Overflow Vulnerability
 
[security bulletin] HPSBUX02824 SSRT100970 rev.2 - HP-UX Running Java, Remote Execution of Arbitrary Code, and Other Vulnerabilities
 
Plans to use electronic voting machines in Tuesday's presidential election appear to be largely unaltered in states that were hit hard by Hurricane Sandy.
 
An unexpected bug cropped up after new hardware was installed in one of Amazon Web Service's Northern Virginia data centers, which caused the more than 12-hour outage last week that brought down popular sites including Reddit, Imgur, AirBNB and Salesforce.com's Heroku platform, according to a postmortem issued by Amazon.
 
The OpenBSD development team has released version 5.2 of its free BSD-based UNIX-like operating system. The most important change is that OpenBSD's multi-threading support has now been switched from userland to kernel threads


 
Plans to use electronic voting machines in Tuesday's presidential election appear to be largely unaltered in states that were hit hard by Hurricane Sandy.
 
Japan's Sharp, a major supplier of LCD displays to Apple and other manufacturers, has warned that it may not survive if it can't turn around its business, an admission that caught few off guard.
 
It's not exactly the type of advertisement most people would understand.
 
A kernel flaw that bypassed ASLR, WebKit vulnerabilities and a problem with Passbooks and passcodes are fixed in the latest release of iOS. The WebKit problems are also fixed in the desktop version of Safari


 
Here's how ergonomics, electronics and economics have contributed to the look and feel of the computer keyboard over the years. What will our fingertips type on next?
 
Lenovo is gobbling up market share and is now neck-and-neck with Hewlett Packard for leadership in overall PC sales. For our CEO Interview Series, Chief Content Officer John Gallant talked recently with David Schmoock, President of Lenovo in North America, at IDG Enterprise's CITE conference on consumerization of IT in New York City.
 
Fox-IT, the company in charge of investigating the DigiNotar SSL disaster, has released its findings in a 101-page report. It's a fascinating read – and not just for administrators


 

Cos Addressing Only Short-Term InfoSec Threats: E&Y
Biztech2.com
Organisations need to fundamentally shift their approach to information security in order to meet the threats presented by existing and emerging technologies according to Ernst & Young's Global Information Security Survey 2012 report. The report, now ...

and more »
 
Oracle Java SE CVE-2012-1531 Remote Java Runtime Environment Vulnerability
 
Internet Storm Center Infocon Status