Hackin9
Procmail Formail Utility 'formisc.c' Heap Overflow Vulnerability
 
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Home Depot has not yet confirmed that a slew of fraudulent transactions came from a breach of its systems, yet an increasing body of evidence is mounting that points to a massive compromise linked to the home-supply retail chain.

Financial institutions first detected the suspected breach when a wave of fraudulent transactions on cards had been used at Home Depot. On Wednesday, journalist and blogger Brian Krebs, who originally broke the story, analyzed the zip codes of a recent batch of stolen cards offered for sale on the underground and found a 99 percent match with the locations of Home Depot's stores.

Such a correlation is a "smoking gun," Lucas Zaichkowsky, enterprise defense architect at AccessData, a digital forensics and security services firm, said in an e-mail interview. Whether Home Depot has been breached is no longer a question, he said.

Read 6 remaining paragraphs | Comments

 
RETIRED: IBM SDK for Node.js CVE-2014-5256 Remote Denial of Service Vulnerability
 
TYPO3 Google Sitemap Unspecified Cross Site Scripting Vulnerability
 
TYPO3 Address visualization with Google Maps Unspecified SQL Injection Vulnerability
 
TYPO3 wt_directory Extension Unspecified SQL Injection Vulnerability
 
 
[ MDVSA-2014:174 ] apache
 

Temptation to look is once again being used as bait for a variety of malware attacks, thanks in part to the widespread coverage of the recent nude celebrity photos leaks on 4chan and reddit. The old bait-and-switch move, a well-worn social engineering attack on Twitter and other social networking services, has now been updated with promises of intimate photos of Jennifer Lawrence. In reality, the link delivers malware “dropper” software instead.

Researchers at Trend Micro have uncovered a number of new social engineering attacks based on the celebrity photos. One in particular uses Lawrence as the bait, with a shortened URL that the Twitter lure promises will take you to “Jennifer Lawrence Leaked Photos.” The tweet uses hashtags for Jennifer Lawrence both by her full name and by “JLaw” in order to target people actively seeking information about her.

A fraudulent tweet, used as a lure.
Trend Micro Labs

Those who fall for the bait are taken to a website with a “video”—which is in fact a link to fake “Video Converter” software. What really gets delivered is a malware package that Trend Micro calls ADW_BRANTALL, an adware installer that targets Microsoft Windows 7 and earlier Windows versions.

Read 2 remaining paragraphs | Comments

 

Marketing and PR Excellence 2014: Infosec Cloud Ltd
The Guardian
As a small business offering new cloud-based services our primary objectives are to raise awareness, educate the market and generate interest that can be converted into sales leads. Over the last 12 months, we've adopted a low cost marketing and PR ...

and more »
 
LinuxSecurity.com: Multiple vulnerabilities have been found in MySQL, worst of which allows local attackers to escalate their privileges.
 
LinuxSecurity.com: Updated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security [More...]
 
LinuxSecurity.com: Updated squid packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security [More...]
 
LinuxSecurity.com: An updated squid package that fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6. Red Hat Product Security has rated this update as having Important security [More...]
 
LinuxSecurity.com: Updated httpcomponents-client packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security [More...]
 
LinuxSecurity.com: An updated thunderbird package that fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6. Red Hat Product Security has rated this update as having Important security [More...]
 
LinuxSecurity.com: Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security [More...]
 
LinuxSecurity.com: Libgcrypt could expose sensitive information when performing decryption.
 
LinuxSecurity.com: GnuPG could expose sensitive information when performing decryption.
 
LinuxSecurity.com: A vulnerability in dhcpcd can lead to a Denial of Service condition.
 
LinuxSecurity.com: Lua could be made to crash or run programs.
 

The United States and the other 27 members of the North Atlantic Treaty Organization plan to aid the defense of any other NATO country in the event of a major cyber attack, according to an agreement that will be ratified this week at a major alliance meeting.

On Thursday, NATO members will meet with 40 partner countries at a major summit in Wales, United Kingdom, to discuss the future security of the region. While the conflict in eastern Ukraine will dominate the meeting, the alliance will also agree to work together to defend its communications network and aid each other against major cyber attacks.

The policy, endorsed by NATO ministers in June, will task NATO countries with sharing information on cyber threats, lending expertise to harden member nations' communications and information systems (CIS), and working with industry partners to improve NATO's ability to respond to cyber attacks.

Read 12 remaining paragraphs | Comments

 
Oracle MySQL Server CVE-2014-0437 Remote Security Vulnerability
 
Oracle MySQL Server CVE-2014-0427 Remote Security Vulnerability
 
Oracle MySQL Server CVE-2013-5767 Remote Security Vulnerability
 
Avolve Software ProjectDox Multiple Vulnerability Disclosure
 
[security bulletin] HPSBMU03083 rev.2 - HP BladeSystem c-Class Virtual Connect Firmware running OpenSSL, Remote Unauthorized Access or Disclosure of Information
 
Mozilla Firefox/Thunderbird CVE-2014-1562 Multiple Memory Corruption Vulnerabilities
 
Squid CVE-2014-3609 Remote Denial of Service Vulnerability
 
Internet Storm Center Infocon Status