Hackin9
Twitter made its IPO documents public Thursday and in the process revealed some juicy information about the company, like how much money it makes (or loses) and how much its executives get paid. Here are a few of the details we learned about Twitter today.
 
Twitter has fewer users and less revenue than Facebook, but in mobile advertising Twitter appears to have dodged the problems that dragged down Facebook's stock after its public offering last year.
 
Hackers broke into the internal computer network of Adobe Systems and stole information on 2.9 million customers, as well as source code for several of the company's products.
 
Ads are coming to Instagram in the next couple of months, the photo- and video-sharing app maker said Thursday.
 

Adobe said it suffered a sustained compromise of its corporate network that allowed hackers to illegally access source code for several of its widely used software applications, as well as password data and other sensitive information belonging to almost 3 million customers.

Adobe dropped the bombshell revelation shortly after KrebsOnSecurity reporter Brian Krebs reported that the hack began sometime in mid-August and was carried out by the same criminals who breached LexisNexis and other major US data brokers. In the course of investigating the earlier intrusions, Krebs said he happened upon a 40 gigabyte trove of source code, much of it belonging to Adobe. Adobe confirmed its ColdFusion Web application software and its Acrobat document program were among those that were stolen.

A new generation of exploits

The Acrobat software family, which is intimately linked to the nearly ubiquitous Reader application, has long been a favorite target of malware developers looking for ways to sneak their malicious wares onto people's computers. The specter of hackers having full access to the raw source code of those applications is troubling because it could make it easier to identify bugs that can be surreptitiously exploited in drive-by website attacks.

 
Microsoft Windows CVE-2012-1864 Local Privilege Escalation Vulnerability
 
Spring Security 'RunAsManager' Local Privilege Escalation Vulnerability
 
Twitter has filed for its long-awaited initial public offering, revealing a fast-growing company but one that lost money in each of the past three years.
 
The latest version of Nokia Siemens Networks software for running mobile carriers is virtualized, pointing toward a future of fully cloud-based systems that could help operators run even more efficiently and roll out new services more quickly.
 
Continuing to build its portfolio of software for supporting electronic commerce operations, IBM has acquired Xtify, a provider of push notification-based marketing services for mobile platforms. Terms of the deal were not disclosed.
 
ESA-2013-062: EMC Atmos Unauthenticated Database Access Vulnerability
 
Cisco Unified Computing System CVE-2012-4111 Local Command Injection Vulnerability
 
Cisco Unified Computing System CVE-2012-4103 Local Command Injection Vulnerability
 
Cisco Wireless LAN Controller CVE-2013-5519 Cross Site Scripting Vulnerability
 
Cisco Unified Computing System CVE-2012-4102 Local Arbitrary Command Execution Vulnerability
 
APPLE-SA-2013-10-03-1 OS X v10.8.5 Supplemental Update
 
[security bulletin] HPSBPI02892 rev.1 - Certain HP FutureSmart MFP, Weak PDF Encryption, Local Disclosure of Information
 
bitcointalk.org defaced

Just hours after it played a supporting role in the takedown of the Silk Road drug empire, the Bitcointalk.org website suffered a hack that exposed users' personal messages, e-mails, and password data.

"To be safe, it is recommended that all Bitcoin Forum users consider any password used on the Bitcoin Forum in 2013 to be insecure," an e-mail sent to registered users stated. "If you used this password on a different site, change it. When the Bitcoin Forum returns, change your password."

User passwords were cryptographically protected using 7,500 rounds of the SHA256crypt hash function, Bitcoin Talk administrator Theymos said in a forum on reddit. That's a significant measure that could add decades or even centuries to the task of cracking passcodes that are at least nine characters and randomly generated. Still, the hack could be damaging to the privacy of users who stored sensitive communications on the site. Bitcoin Talk administrators are in the process of figuring out how the compromise happened and don't plan to restore service until after the security hole is plugged.

 
Microsoft today said it will ship eight security updates next week to patch critical vulnerabilities in Windows and IE, with the one aimed at IE plugging the hole attackers have been exploiting for months.
 
With its acquisition of gesture-recognition company Flutter, Google may be looking to beef up Google Glass and its Android products while also looking to win over the hearts and minds of Apple iPhone users.
 
Snapchat is giving photos and videos captured with its app some longevity.
 
Adtran Netvanta 7100 and 7060 CVE-2013-5210 Multiple Security Vulnerabilities
 
[SOJOBO-ADV-13-01] - Zenphoto 1.4.5.2 multiple vulnerabilities
 
RETIRED: Adtran Netvanta 7100 and 7060 CVE-2013-5210 Multiple Security Vulnerabilities
 
Amazon is reportedly building a smartphone with 3D eye-tracking ability.
 
With the government closed for business, private-sector firms should consider poaching public-sector IT talent to fill open tech positions.
 
Researchers at universities in Taiwan and Japan have demonstrated a way to use proteins to create non-volatile memory and multilayer '3D' electronics.
 

AgileBits today released 1Password 4 on the Mac App Store, a major upgrade to one of the best-known password management applications.

The application has a new design and various features aimed at making it easier to use, such as a menu bar utility. It also brings back Wi-Fi Sync, which lets users sync password data from a Mac to an iOS device without storing their encrypted keychain in Dropbox or iCloud.

AgileBits described security improvements including a new keychain design with 256-bit AES encryption keys and data integrity checks that increase resistance to tampering. The design "forestalls many attacks that haven’t even been dreamt of yet," AgileBits said. 1Password 4 development was helped along by 20,000 beta testers.

 
[ MDVSA-2013:245 ] proftpd
 
Much of the talk surrounding Google Glass has focused on its consumer appeal. However, the device does have enterprise potential. CIOs should consider developing applications such as providing diagnostic advice to field service workers and mobile coupons to retail customers.
 
Cisco and Facebook have become unusual friends in a new collaboration that offers free Wi-Fi to consumers who "check in" to a participating business via a Facebook account.
 
Edward Snowden may not have acted alone, and may have had outside assistance, when he leaked information about the U.S. National Security Agency's data collection and surveillance programs earlier this year.
 
Google this week updated Chrome to version 30, patching 50 vulnerabilities and paying outsider researchers $27,000 in bounties along the way.
 
A vulnerability found recently in an OpenID-based feature of the Mozilla Persona online identity management service prompted the company to advise Web developers to check their OpenID implementations for similar issues.
 
Verizon is extending its suite of cloud services to offer a new IaaS (infrastructure-as-a-service) option, called Verizon Cloud Compute, as well as a new storage-as-a-service, Verizon Cloud Storage, that the company says offer finer granularity in pricing and stricter quality of service metrics than its competitors.
 

Swiss Infosec hires a bank's risk manager
inside-channels.ch
Swiss Infosec, a company specializing in consulting and training in information and IT security, strengthened its team at the beginning of October with business IT specialist Bruno Schnarwiler. Before the move he spent 16 years ...
Banking expert Bruno Schnarwiler joins Swiss Infosec AG (SOaktuell.ch)
 
Nokia hopes its Here maps will be become more accurate thanks to crowdsourced information, and is testing the concept in India.
 
The closure of cloud storage provider Nirvanix sent a chill through the cloud storage industry and its customers, but is it really a big deal?
 
Two new unlocked Android smartphones from ZTE USA -- the Grand S and the Nubia 5 -- can be pre-ordered starting Saturday.
 
Smartphone vendors have rekindled their infatuation with enterprises as the consumer segment fizzles; this week's exhibit is the launch of LG Electronics' Gate, which separates users' professional and private lives through virtualization.
 
WordPress Simple Dropbox Upload 'multi.php' Arbitrary File Upload Vulnerability
 
The U.S. government demanded from email service provider Lavabit access to all user communications and a copy of the encryption keys used to secure web, instant message and email traffic for its investigation into several Lavabit user accounts, according to a post on the Facebook page of founder Ladar Levison.
 
Mocana will soon allow companies to wrap iOS 7 apps in a layer of security software designed to insulate enterprise data from hackers who are becoming increasingly interested in smartphones.
 
The long saga of satellite operator LightSquared's quest to become a cellular carrier may come to an end soon with an auction for the company's assets scheduled for late November.
 
Google has acquired Flutter, a gesture recognition company whose technology lets people control music and movies on their desktop by waving their hands.
 
With its first computer based on the extremely low-power Quark processor, Intel is tapping into the 'maker' community to figure out ways the new chip could be best used.
 
With the addition of Apple's new Touch ID fingerprint sensor, a new 64-bit A7 processor, a refined camera system and an M7 coprocessor, the iPhone 5S's cutting edge features match its still-sharp design, says columnist Michael deAgonia.
 
Last month's awarding of the 2020 Olympic Games to Tokyo could be great news for technology.
 

It's unfortunate in the extreme that Microsoft seems to be trying to use UEFI for their own ends. I just hope that the public sees through the "Windows 8 or nothing" approach being offered by PC manufacturers. It is a great shame that more people don't realise the very considerable advantages in using a safe and efficient operating system such as Linux - it is after all, now even flying on the International Space Station. Many factors have resulted in a rapid increase in the use of Linux systems by traditional desktop users as well as operators of server systems, including desire for decreased operating system cost, increased security and support for open-source principles. Throughout the world, governments have passed policies moving their systems over to Linux, including the P R of China. Microsoft must be getting worried! I can't see any real need to dump Legacy BIOS yet, unless you are using something which is flaky and insecure!

 
SEC Consult SA-20131003-0 :: Denial of service vulnerability in Citrix NetScaler
 
Siemens Solid Edge SEListCtrlX ActiveX Memory Corruption Vulnerability
 
What scientists used to think was an impact crater on the surface of Mars now appears to be the site of an ancient supervolcano.
 
RETIRED: AjaXplorer 'checkInstall.php' Remote Command Execution Vulnerability
 
Toyota added a new concept electric vehicle to its Hamo car sharing project, which lets users rent electric cars by the minute.
 
A popular Bitcoin forum, Bitcointalk.org, remained offline Wednesday night as it investigated a cyberattack.
 
Apple iOS 7 iPad2 Face-Time 1.0.2 - Privacy Vulnerability
 
WebAssist PowerCMS PHP - Multiple Web Vulnerabilities
 

Posted by InfoSec News on Oct 03

http://www.networkworld.com/news/2013/100113-pci-274386.html

By Ellen Messmer
Network World
October 01, 2013

Organizations that make use of SSH keys for secure access to servers
should be aware that they may need to make some changes soon when it comes
to managing any of their networks related to payment-card processing,
according to the CEO of SSH Communications security, Tatu Ylonen.

That’s because the next version of the Payment Card...
 

Posted by InfoSec News on Oct 03

http://www.telegraph.co.uk/news/worldnews/middleeast/iran/10350285/Iranian-cyber-warfare-commander-shot-dead-in-suspected-assassination.html

By Damien McElroy, and Ahmad Vahdat
Telegraph.co.uk
02 Oct 2013

Mojtaba Ahmadi, who served as commander of the Cyber War Headquarters, was
found dead in a wooded area near the town of Karaj, north-west of the
capital, Tehran. Five Iranian nuclear scientists and the head of the
country’s ballistic...
 

Posted by InfoSec News on Oct 03

http://www.kcrg.com/news/local/UnityPoint-Security-Breach-Puts-Records-of-1800-Patients-at-Risk-226237711.html

By Erin Jordan
Reporter
KCRG.com
Oct 2, 2013

CEDAR RAPIDS, Iowa - Personal information of 1,800 UnityPoint Health
patients, including about 350 patients in the Cedar Rapids area, may be at
risk following a security breach in the network’s electronic medical
record.

Hospital employees discovered the breach Aug. 8 during a regular...
 
Paypal Inc Bug Bounty #99 - Filter Bypass & Persistent Vulnerability
 
Security Guard CMS QT 4.7.3 - Local Stack Buffer Overflow Vulnerability
 
Hide Photo+Video Safe v1.6 iOS - Multiple Vulnerabilities
 
RootedCON 2014 - Call For Papers
 
All in One SEO Pack Plugin for WordPress 1.3.6.4 - 2.0.3 XSS
 
Internet Storm Center Infocon Status