InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Business Insider

These New York City Forts Were Pivotal In Securing America's Independence
Business Insider

Kaspersky has reported that a new, previously undetected variant of the MaControl backdoor is being used in the wild. The malware arrived as an email attachment and, if installed, connects to a C&C server. More information on the malware, its behaviour, and the attack campaign is available from Kaspersky, who discovered this variant. As more malware authors become motivated to attack OS X, it is likely that we will continue to see targeted attacks such as this in the future.

Adrien de Beaupré

Intru-shun.ca Inc.
I will be teaching SANS Sec542 in Minneapolis July, Sec560 in Montreal September, and Sec542 in Vancouver December.
Freeside SelfService CGI|API 2.3.3 - Multiple Vulnerabilities
Classified Ads Script PHP v1.1 - SQL Injection Vulnerabilities
GuestBook Scripts PHP v1.5 - Multiple Web Vulnerabilities
Event Script PHP v1.1 CMS - Multiple Web Vulnerabilities
.Net Framework Tilde Character DoS - Sorry, exploit-db link corrected
IIS Short File/Folder Name Disclosure by using tilde ~ character
[SECURITY] [DSA 2507-1] openjdk-6 security update
Wordpress (editormonkey) Arbitrary File Upload Vulnerability
By 2015, the European Parliament wants all new cars to automatically alert emergency services in case of a crash, a service known as eCall.
French tax authorities have visited the headquarters of Microsoft France to conduct an inspection, a spokesman for the company confirmed Wednesday.
New email-based attacks, some of which target the aerospace industry, are distributing new variants of the Sykipot information stealing malware, according to researchers from security firm AlienVault.
Blind SQL Injection in Webmatic
Just4meeting 3.0 - Lisbon/Portugal - 6 to 8 - July
Members of the European Parliament rejected the controversial Anti-Counterfeiting Trade Agreement on Wednesday by 478 votes to 39.
A Taiwan government office is warning local PC vendors of a new Apple patent for its MacBook Air that could be used in legal action to try and stop the sale of ultrabook models.
OpenStack Nova CVE-2012-3361 Memory Corruption Vulnerability
OpenStack Nova CVE-2012-3360 Remote Code Injection Vulnerability
Vulnerable Microsoft VC++ 2005 runtime libraries in "Microsoft Live Meeting 2007 Client" installed in private location
Forum Oxalis 0.1.2 <= SQL Injection Vulnerability
[CVE-2012-0911] Tiki Wiki CMS Groupware <= 8.3 "unserialize()" PHP Code Execution
[ MDVSA-2012:101 ] libtiff
Cyberoam advisory
CERN scientists announced on Wednesday that they observed a particle that strongly resembles the long-sought-after Higgs boson, the final missing ingredient in the standard model of particle physics.

SKT opens center for cloud computing
The Korea Herald
SK Telecom had mentioned that T Cloud Biz had been developed through a strategic partnership with U.S.-based Juniper Networks, while Infosec, which is part of SK C&C, will be operating the system. It will further provide cloud computing services via ...

A court in California denied Samsung on Tuesday a stay on a preliminary injunction against sales in the U.S. of Samsung's Galaxy Nexus smartphone running Android, a day after the same court refused to stay a similar injunction against the sale of Samsung's tablet, the Galaxy Tab 10.1.
Oracle Java SE CVE-2012-1717 Remote Java Runtime Environment Vulnerability
libTIFF TIFF Image CVE-2012-2088 Buffer Overflow Vulnerability
Boost 'ordered_malloc()' Buffer Overflow Vulnerability

Microsoft Pitches Lowball Windows 8 Upgrade Price
RSA Encryption 'Crack' Rattles Infosec Industry · Google's Nexus 7: Who's Sweating Now? Google Flexes Nexus' Tablet Muscles · Google's I/O: Perfect Blend of Substance and Spectacle? Firefox OS Slinks Onto Smartphone Stage · E-Commerce Times ...
