InfoSec News

This week's feature just went live so keep checking back as information is added and subscribe to the RSSto keep updated in your favorite reader! Introducing the Handler Select News feed at https://isc.sans.edu/handler_feed.html listing news items highlighted by the ISCHandlers.
The top summary explains the page in detail and links to one of the news sources at https://isc.sans.edu/newssummary.html
Subscribe to the Handler Select News RSS feed! links to an RSSfeed at https://isc.sans.edu/handler_feed.xml
Sort By - Title, URL(linked in title), Date or Handler Rating. Click again to reverse sort order.
Select News lists the current Handler Select News items

Title links out to the full post
From is the source of the news item
Stars are the average rating from 1-5 by the handlers
Full date/time of when the item was added to the Handler Select Feed

We have awesome additional features planned for this so stay tuned!
Post suggestions or comments in the section below or send us any questions or comments in the contact form on https://isc.sans.edu/contact.html#contact-form


Adam Swanger, Web Developer (GWEB, GWAPT)

Internet Stom Center https://isc.sans.edu
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Medical technology company Stryker has seen high performance and minimal downtime since selecting a virtualised product from Citrix to speed distribution of updates for its JD Edwards (JDE) ERP platform, according to Stryker associate director of Global IT infrastructure, Adam Levin.
Apple Mac OS X CVE-2012-0661 Use After Free Remote Code Execution Vulnerability
IBM Lotus Quickr 'qp2.cab' ActiveX Control Stack Buffer Overflow Vulnerability
Microsoft .NET Framework Serialization CVE-2012-0162 Remote Code Execution Vulnerability
The judge in Apple's patent-infringement suit against Samsung Electronics turned down Apple's request that she rule in its favor as punishment for an improper disclosure by Samsung.
Twitter is basking in the Olympic spotlight, with athletes tweeting about the games and fans around the world tweeting their support.
Oracle is planning to unveil new migration tools that help customers port applications written for SAP's Sybase Adaptive Server Enterprise product over to Oracle's own flagship database and Exadata database machine, according to a session scheduled for the upcoming OpenWorld conference.
UPS workers are taking advantage of new wearable scanning technology that speeds up package loading and quickly transmits online tracking data to customers.
At study by the Ponemon Institute shows 63% of organizations do not fully secure confidential documents.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google
29C3: Call for Participation for 29th Chaos Communication Congress
Microsoft will walk away from the 'Metro' tag it's been using for over a year to describe the new environment and apps in both Windows 8 and Windows RT, the company confirmed Friday.
NASA announced Friday morning that it's on track to once again launch astronauts into space from U.S. soil within five years.
Samsung will unveil the larger Galaxy Note 2 on August 29 in Berlin, according to a Reuters report today.
The Wi-Fi police seem to be clamping down on unauthorised hotspots at the Olympics, US missile defence staff are no longer allowed to watch porn while on duty, and hackers build an EXEPDFJARHTML file

JW Player Multiple Cross Site Scripting Vulnerabilities
JW Player 'player.swf' Multiple Cross Site Scripting Vulnerabilities
[ MDVSA-2012:122 ] icedtea-web
[SECURITY] [DSA 2520-1] openoffice.org security update
MokaFive Suite brings polish and control to virtual desktops on Windows, OS X, or bare metal, with a nod to the iPhone and iPad
A final copy of Windows 8 leaked to the Internet on Thursday, just a day after Microsoft stamped the new operating system as finished.
Microsoft has released Attack Surface Analyzer 1.0, a free tool that can help system administrators, IT security professionals or software developers understand how newly installed applications can affect the security of a Windows OS.
When Apple finally opened up the iPhone to third-party apps in 2008, some of the earliest ones I downloaded were music identification apps. These apps can listen to ambient music and identify the song title and artist as well as provide other relevant info. Things have come a long way since then; more apps have joined the party and many of them have added tons of features. So with all the choices available in music ID apps, how can someone choose the best one? In my opinion, there are quite a few criteria to consider, but I think there are three important measures to consider.
Cloud services promise low cost-of-entry and rapid return on investment, but those advantages make it easy to overlook associated investments.
The U.S. House of Representatives voted late Thursday to send a message to the United Nations' International Telecommunication Union that the Internet doesn't need new international regulations. The vote was unanimous: 414-0.
Taiwanese smartphone maker HTC said on Friday it needs to bolster its brand, forecasting a decline in revenue and profit in the third quarter.
An amended proposal for a "Cybersecurity Act" that would have the US government and businesses exchange information on cyber threats mostly on a voluntary basis has failed to achieve a majority in the Senate

In an attempt to block spam or privacy-invading software and other "dangerous" programs, Google has tightened up its guidelines on the apps that it publishes in the Google Play store

Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
Oracle Outside In Technology CVE-2012-3110 Remote Code Execution Vulnerability
Oracle Outside In Technology CVE-2012-3109 Remote Code Execution Vulnerability
Oracle Outside In Technology CVE-2012-3107 Remote Code Execution Vulnerability
Oracle Outside In Technology CVE-2012-3106 Remote Code Execution Vulnerability
Oracle Outside In Technology CVE-2012-1772 Remote Code Execution Vulnerability
Samsung Electronics has asked a court in California to strike down Apple's "self-serving" recommendation of sanctions against the South Korean company for revealing to the press documents that were not allowed as evidence in a patent dispute.
The dead can't speak for themselves. But they can apparently file U.S. tax returns.
The Japanese semiconductor industry is on a downward spiral as rival companies in Taiwan, South Korea and the U.S. made gains in chip, memory and integrated circuit sales, research firm IC Insights said in a study.
When NASA's newest and largest robotic rover lands on Mars early Monday morning, it will use a supersonic parachute, a tether and rockets to safely alight 350 million miles from home
Bind DynDB LDAP CVE-2012-3429 Package Remote Denial of Service Vulnerability

Posted by InfoSec News on Aug 03


By Mark Hosenball
Aug 2, 2012

The U.S. government's only facility for handling, processing and storing
weapons-grade uranium has been temporarily shut after anti-nuclear
activists, including an 82-year-old nun, breached security fences,
government officials said on Thursday.

WSI Oak Ridge, the contractor responsible for...

Posted by InfoSec News on Aug 03


By Phil Muncaster
The Register
2nd August 2012

Chinese telecoms kit maker Huawei has said it is investigating claims by
researchers that two of its router products contain serious
vulnerabilities which could allow hackers to remotely take control of
the devices.

Felix Lindner and Gregor Kopf of Berlin-based Recurity Labs announced
their findings at the Defcon...

Posted by InfoSec News on Aug 03


By Michael Riley and Dune Lawrence
July 26, 2012

The hackers clocked in at precisely 9:23 a.m. Brussels time on July 18
last year, and set to their task. In just 14 minutes of quick keyboard
work, they scooped up the e-mails of the president of the European Union
Council, Herman Van Rompuy, Europe’s point man for...

Posted by InfoSec News on Aug 03


By Ryan Huang
August 2, 2012

Eight South Koreans have been arrested in the Philippines for allegedly
hacking into Globe Telecom, one of the country's largest telcos, in
order to lower the cost of international mobile phone calls for other
countrymen there.

Philippine police cybercrime division chief Gilbert Sosa said the
hackers were rounded up Monday...

Posted by InfoSec News on Aug 03


By Peter Maass and Megha Rajagopalan
Threat Level

Gen. Keith Alexander is the director of the National Security Agency and
oversees U.S. Cyber Command, which means he leads the government’s
effort to protect America from cyberattacks. Due to the secretive nature
of his job, he maintains a relatively low profile, so when he does
speak, people listen...
Dell SonicWALL Scrutinizer 'q' Parameter SQL Injection Vulnerability
Internet Storm Center Infocon Status