Hackin9

InfoSec News



The Encrypted Elephant in the Cloud Room
SYS-CON Media (press release) (blog)
By Lori MacVittie #infosec Encrypting data in the cloud is tricky and defies long held best practices regarding key management. New kid on the block Porticor aims to change that. Anyone who's been around cryptography for a while understands that secure ...

 
Vizzuality launched an open-source data-mapping tool CartoDB this week, promising an easy and customizable way for users to display their geospatial data.
 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Sprint introduced the HTC Evo 4G LTE smartphone, adding a new phone to a stable of devices that will be compatible with the carrier's high-speed network when it launches soon in the U.S.
 
Google thinks the future of technology is only a little better than a poke in the eye with a sharp stick, while the company's CEO says Apple fronting on Android is just that--a front. And Apple holds the keys to the kingdom, where the kingdom equals "your data on iCloud." The remainders for Wednesday, April 4, 2012 are the keymaster--are you the gatekeeper?
 
Microsoft has received 20 submissions in the $268,000 contest it hopes will result in new security technologies being baked into Windows, a company security strategist said Tuesday.
 
Oracle rolled out a series of announcements aimed at portraying itself as a dominant player in business analytics on Wednesday, as well as one relevant to customers of rival SAP.
 
Microsoft has added its Azure cloud platform to the Cloud Security Alliance's STAR security registry, which is a listing where cloud service providers post information about their security features.
 
Arbor Networks Peakflow SP 'index/' Cross Site Scripting Vulnerability
 
A former human resources manager at Larsen & Toubro InfoTech Limited Inc., a leading India-based IT services firm, accused the company of visa fraud in a complaint filed this week in a federal court in New Jersey.
 
Re: Arbor Networks Peakflow SP web interface XSS
 
[SECURITY] [DSA 2447-1] tiff security update
 
[SECURITY] [DSA 2446-1] libpng security update
 
Sourcefire Defense Center - multiple vulnerabilities.
 
Mark Adams, vice president of IT at HireRight, is living the dream -- the chance to completely rethink the infrastructure for a $300 million software-as-a-service employment screening service company. While the nucleus of the 1,600-employee company has been around for 30+ years, a three-year acquisition spree resulted in data center sprawl, leaving the company with 10 facilities, including company-owned, colocation and disaster-recovery sites, some of them overseas. Now HireRight is three quarters of the way through a consolidation effort with a heavy emphasis on cloud. Adams gave an update on the company's modernization progress to Network World Editor in Chief John Dix.
 
A group of cybersecurity bills that the U.S. Congress may soon vote on contain serious privacy and civil liberties flaws, with some of the bills allowing private companies to share a wide range of their customers' online communications with government agencies, the Center for Democracy and Technology said.
 
According to "Breach Report 2011: Protected Health Information" by the IT security firm Redspin, 19 million patient health records were breached last year, a 97-percent increase from 2010.
 
As Yahoo announced layoffs of about 2,000 employees Wednesday, industry watchers were asking when its CEO will lay out his vision for the struggling company's future.
 
phpPaleo 'lang' Parameter Local File Include Vulnerability
 
Intel's former chief financial officer and current director Andy Bryant will take over as the company's board chairman next month after the retirement of current chairman Jane Shaw, according to a document filed with the U.S. Securities and Exchange Commission on Wednesday.
 
 
Blunt experts at InfoSec World said enterprise IT security strategy often misses the mark, but some attendees suggested the experts are out of touch.

 
'Hotel Booking Portal' SQL Injection (CVE-2012-1672)
 
[security bulletin] HPSBMU02749 SSRT100793 rev.1 - HP Business Availability Center (BAC) Running on Windows, Remote Cross Site Scripting (XSS)
 

The Dangers of Open Web Management UIs
ReadWriteWeb
Well, that is both a blessing and a curse, as the folks from the InfoSec Institute have recently reminded me in their post here this week. "Under no circumstances should these [Web interfaces] be open to the world and the Internet," writes the author ...

 
Organizations running a lot of Oracle gear and software could now get some management assistance from a software program that Oracle has made free for customers.
 
Google Chrome Prior to 17.0.963.83 Multiple Security Vulnerabilities
 
'e-ticketing' SQL Injection (CVE-2012-1673)
 
'phpPaleo' Local File Inclusion (CVE-2012-1671)
 
[DCA-2011-0016] - Tufin SecureTrack Cross Site Script
 

Show me the money: infosec staffing budget to rise 14% next year
Infosecurity Magazine
Of all the industries examined by the survey, health care experienced the largest percentage increase in infosec staffing levels in recent years, followed by manufacturing and wholesaling. “For decades, information security specialists have been ...

 
Apple yesterday released a Java update for Mac owners that fixes a dozen security flaws, including one that has been exploited by attackers for at least two weeks.
 
Microsoft is boosting the virtualization components of its Desktop Optimization Pack suite of IT management tools.
 
As tornadoes ripped through Texas on Tuesday, people took to social networks to warn of advancing storms and to help their neighbors.
 
Multiple vulnerabilities in osCmax
 
APPLE-SA-2012-04-03-1 Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7
 
Arbor Networks Peakflow SP web interface XSS
 
[Suspected Spam] Astaro Command Center v2.x - Multiple Web Vulnerabilities
 
Overview
We briefly noted this topic in https://isc.sans.edu/diary/ISC+Feature+of+the+Week+XML+Feeds/12595. If you are already signed up, you saw the recent infocon change to Yellow delivered directly to you! If you aren't signed up and don't want to miss the next one or any of our diaries, read on! You can set up notifications at https://isc.sans.edu/notify.html.
Features
Overview - https://isc.sans.edu/overview

A typical notification will include all content as part of the subject, and a link to the relevant content in the body.
Whichever option you select from the drop-down, infocon change notifications are included by default.
To change your subscription option, just sign up again and the new signup will replace the old one.



Subscribe - https://isc.sans.edu/notify.html#subscribe

To get started, fill in the form and click Subscribe to receive a validation email.
Notification types are defined below.
Your email address can be any address, including the email address your cellular provider assigns to your phone; contact your provider if you need more information on this. If you are logged in to ISC, your email will be entered for you.
The approximate time of day applies to the daily summary email only; it is in UTC, so adjust it for your timezone.



Unsubscribe - https://isc.sans.edu/notify.html#unsubscribe

Simply enter your email in the box and click Unsubscribe. If you are logged in to ISC, it will be entered for you. You will see the option to unsubscribe in every notification email.



Notification Details - https://isc.sans.edu/notify.html#notification_details

New version of a story is published: A handler may mark an update to a story as a new version if it contains a significant addition or correction (more than a spelling correction).
New Story is published: Typically, at least one story is published each day.
Once a day headlines: We will send you a list of the new stories published in the last 24 hours.
Infocon Change: You will receive an email whenever the infocon changes. This happens a couple of times a year. You will also receive these e-mails if you sign up for any of the other options. The Important Story option has been moved into this category.

Sample E-Mail

The Subject will always start with [ISC] followed by a title such as MacOS X Java Patches.
An X-header, sans-isc-diary, is added.
The notification email will be from [email protected]
The body will contain a link to the story or stories http://isc.sans.org/diary.html?storyid=672
An unsubscribe link is included in every notification http://isc.sans.edu/notify.html#unsubscribe


Post suggestions or comments in the section below, or send us any questions or comments through the contact form at https://isc.sans.edu/contact.html#contact-form
--

Adam Swanger, Web Developer (GWEB, GWAPT)

Internet Storm Center https://isc.sans.edu
 
No matter what device you're using to access a database, FileMaker wants the finished product to look good. The latest update to the software maker's flagship database product puts an emphasis on design features regardless of which platform you're using.
 
[security bulletin] HPSBMU02759 SSRT100817 rev.1 - HP Onboard Administrator (OA), Remote Unauthorized Access, Unauthorized Information Disclosure, Denial of Service (DoS), URL Redirection
 
[ MDVSA-2012:049 ] nagios
 
[security bulletin] HPSBMU02753 SSRT100782 rev.1 - HP Business Availability Center (BAC) Running Apache, Remote Execution of Arbitrary Commands, Denial of Service (DoS)
 
[ MDVSA-2012:050 ] phpmyadmin
 

iCritical signs Infosec Technologies as a Platinum Partner
Channel EMEA
by Andrea Babbs, Channel Manager, Wednesday 4 April 2012 – Cloud web and email security vendor iCritical has today announced a new partnership with Infosec Technologies, one of the UK's leading implementers of cloud-based security ...

 
Cybercriminals are distributing a new piece of malware that's based on the ZeuS computer Trojan through rogue emails that masquerade as US Airways online check-in notifications.
 
Metro-style development support and monochrome obsession are featured in Microsoft's all-encompassing Windows development tool
 
The latest version of the cloud operating system OpenStack, known as Essex, will be released on Thursday, and supporters say that its stability should encourage larger deployments.
 
[ MDVSA-2012:047 ] freeradius
 
[ MDVSA-2012:046 ] libpng
 
Hackito 2012 Crypto Challenge
 
IPv6 stable privacy addresses
 

Silicon Valley CEO discusses Google Fiber innovation opportunities for Kansas City
Albany Times Union
Mr. Salem's interview was part of "InfoSec Night". The Kansas City technology event, which took place on March 21, also included a keynote by Salem and a $10000 hacker contest. Over 250 IT executives, IT Professionals & entrepreneurs attended.

 
To address soaring data storage and major power consumption issues, Shell Oil has turned to the public cloud to become more agile in deploying application and development services.
 
 
After weeks of rumors of a pending reorganization, Yahoo announced this morning that the company is laying off about 2,000 workers.
 
[SECURITY] [DSA 2442-2] openarena regression
 
[SECURITY] [DSA 2445-1] typo3-src security update
 
VMSA-2012-0006 VMware ESXi and ESX address several security issues
 
Landshop v0.9.2 - Multiple Web Vulnerabilities
 


How to do BYOD the right way
Help Net Security
In this podcast recorded at Infosec World 2012, Mike Moir, Product manager with Entrust, talks about consumerization and the bring-your-own-device phenomenon, and points out the three key elements businesses need to take into consideration when opting ...
Entrust at InfoSec World Conference & Expo 2012 -- Security Expert Explores ... (Canada NewsWire, press release)

 
Sony said Wednesday that the newly installed head of its consumer electronics business will also lead the mobile unit formed when it acquired Sony Ericsson, marking the first time its smartphone, tablet, and PC businesses are all under the same leadership.
 
Sophos has entered a definitive agreement to acquire Dialogs Software, a mobile device management vendor based in Dortmund, Germany, the security firm announced on Monday.
 
Option has introduced a quad-band LTE USB modem called the Beemo that can fall back on 3G networks at 42Mbps, the company said on Wednesday.
 


Europe's largest infosec training event
Help Net Security
SANS Secure Europe 2012 is one of the region's largest infosec training events featuring 8 courses running over a two week period from the 7th to 19th in Amsterdam. Secure Europe has some of the most respected security experts as instructors offering ...
SANS Secure Europe 2012 (TechWeekEurope UK)

 
Netop Remote Control '.dws' File Buffer Overflow Vulnerability
 
Freescale Semiconductor has responded to pressure from workers by implementing a BYOD infrastructure and a collaborative internal network that rewards people for new ideas.
 
Research In Motion has been accused of infringing six patents owned by NXP in a lawsuit filed in a U.S. federal court in Florida.
 
Big data and other technologies are poised to start saving lives and enhancing quality of life for sick patients.
 
Two current scanners, the NeatDesk and the Xerox Mobile Scanner, offer simple ways to digitize and store a variety of paper documents.
 

Entrust at InfoSec World Conference & Expo 2012 -- Security Expert Explores ...
Canada NewsWire (press release)
DALLAS, April 2, 2012 /CNW/ - Entrust Inc. product manager Mike Moir will explore consumerization in the enterprise — including the latest trends and threats — during the 2012 InfoSec World Conference & Expo in Orlando, Fla., April 2-4.

 

Silicon Valley CEO Discusses Google Fiber Innovation Opportunities For Kansas City
Daily Markets (press release)
Mr. Salem's interview was part of “InfoSec Night“. The Kansas City technology event, which took place on March 21, also included a keynote by Salem and a $10000 hacker contest. Over 250 IT executives, IT Professionals & entrepreneurs attended.

 