Hackin9

ISNR Abu Dhabi 2014 Latest Developments Announced
Financial Post
The IS pavilion is supported by the UAE Telecommunications Regulatory Authority (TRA) and InfoSec Europe. Moreover, the CIS pavilion will be sponsored by ISC West exhibition and conference. FEM is the region's platform for experts and public safety ...

 

Australia's banks quietly swatting trojan
The Canberra Times
Australia's banks work around the clock to swat malware that steals from customers' accounts. Australia's banks have been quietly working with a Russian security and forensics firm to swat a nasty banking trojan crafted in the ...

 
The U.S. Federal Communications Commission has approved the $21.6 billion acquisition of Sprint by Japanese telecommunications group Softbank, saying it promises to bring consumers faster and more advanced wireless broadband Internet service.
 
Gallery 'data_rest.php' Multiple Information Disclosure Vulnerabilities
 
Gallery 'flowplayer.swf.php' Security Bypass Vulnerability
 

Developers of the Cryptocat application for encrypting communications of activists and journalists have apologized for a critical programming flaw that made it trivial for third parties to decipher group chats.

The precise amount of time the vulnerability was active is in dispute, with Cryptocat developers putting it at seven months and a security researcher saying it was closer to 19 months. Both sides agree that the effect of the bug was that the keys used to encrypt and decrypt conversations among groups of users were easy for outsiders to calculate. As a result, activists, journalists, or others who relied on Cryptocat to protect their group chats from government or industry snoops got little more protection than is typically available in standard chat programs. Critics said it was hard to excuse such a rudimentary error in an open-source piece of software held out as a way to protect sensitive communications.

"It was simply a matter of what I would call a fairly rookie mistake," independent security researcher Adam Caudill told Ars. "They didn't understand the data they were working with. Key generation code is one of the most critical parts of a crypto system because it doesn't matter what else you get right if you get that wrong."


 
Apple will face competition in Europe for the "iWatch" trademark it has already filed for in Japan, Taiwan and Mexico, because other companies have already registered the name in relevant trademark categories.
 
WordPress Category Grid View Gallery Plugin 'ID' Parameter Cross Site Scripting Vulnerability
 
AjaXplorer Multiple Arbitrary Command Execution Vulnerabilities
 
The technology to implement Voice-over-LTE (VoLTE) is maturing, but mobile operators won't roll out telephony services in earnest until 2015. At the same time apps like Skype and Fring are growing quickly in popularity, according to Infonetics Research.
 
Several members of the Icelandic Parliament introduced a bill Thursday that seeks to grant Icelandic citizenship to U.S. National Security Agency document leaker Edward Snowden, but the bill won't be discussed until September.
 

Reducing threats to availability in the banking sector
Banking Technology
Security is best described by using the InfoSec triangle, which illustrates the Three Pillars of Security: confidentiality, integrity and availability. All three are equally important. Defending service availability is not all about deploying services ...

 
A European Union team will arrive in Washington DC on Monday to assess how the United States is using data it receives from the E.U.
 

Doing More Than Paying Risk Management Lip Service
Dark Reading
"A common issue in many organizations that I have seen is where the infosec team runs a vulnerability or Web application scan and reports the items requiring remediation, but the team responsible for remediation argues that the CVSS score is inaccurate ...

 
LinuxSecurity.com: PyMongo could be made to crash under certain conditions.
 
LinuxSecurity.com: Several security issues were fixed in the kernel.
 
LinuxSecurity.com: Several security issues were fixed in the kernel.
 
LinuxSecurity.com: Updated java-1.6.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having [More...]
 
A privacy debate has erupted in Japan over a new service from a major rail operator that sells private e-ticket records as marketing data.
 
By a large majority, the EU Parliament has adopted the EU Commission's draft directive on attacks against information systems.
    


 
Seven updates, six critical holes and one important privilege escalation mean next Tuesday is going to be busy for system administrators of Windows systems.
    


 
Mozilla Firefox/Thunderbird CVE-2013-1683 Multiple Unspecified Memory Corruption Vulnerabilities
 
HTC's second quarter net profit plummeted 83 percent year on year as sales of the company's latest flagship handset failed to meet expectations.
 
The U.K. Information Commissioner's Office has ordered Google to change the privacy policy it introduced in March 2012 to make it more informative for users.
 
HD Moore from Rapid7 has pointed out various risks that exist in servers with remote management features. The issues concern IPMI and the BMC chip's firmware on server boards.
    


 
A security hole made CryptoCat-encrypted chat logs vulnerable between October 2011 and June 2013. A security expert says that seemingly secure chat recordings can be decrypted within minutes.
    


 
Samsung Electronics predicted a big jump in profit for the second quarter compared to a year earlier, but the company's explosive growth is slowing amid signs its top-end Galaxy smartphones are less popular than expected.
 
LSE Leading Security Experts GmbH - LSE-2013-07-03 - rsyslog ElasticSearch Plugin
 
A court in Pakistan has ordered a continuation of the block on YouTube in the country, after the government argued that removing the ban would have implications for law and order in the country.
 
Paypal Bug Bounty #102 QR Dev Labs - Auth Bypass Vulnerability
 
AVAST Antivirus v8.0.1489 - Multiple Core Vulnerabilities
 
AVAST Universal Core Installer - Multiple Vulnerabilities
 
AVAST Internet Security Suite - Persistent Vulnerabilities
 
Internet Storm Center Infocon Status