Hackin9

InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Latest Pushdo downloader infects victim's machines with the Cutwail spam botnet, spreading phishing emails, banking Trojans and other spam messages.

 
CoDeSys Access Security Bypass Vulnerability
 
WAGO IPC 758-870 Hardcoded Password Security Bypass Vulnerability
 
musl libc Remote Stack Buffer Overflow Vulnerability
 
MoinMoin Virtual Group ACL Evaluation Security Bypass Vulnerability
 
Xen CVE-2012-3515 Local Privilege Escalation Vulnerability
 
Twenty-two U.S. privacy and consumer groups have voiced support for a tough online privacy proposal being considered by the European Union, even though some U.S. businesses and government officials have described the proposal as too regulatory.
 
[SECURITY] [DSA 2538-1] moin security update
 

ForeScout Sponsors SANS Webcast: "Architecting a Flexible Strategy for ...
Broadcast Newsroom
considerations that InfoSec professionals can put to immediate use. Other topics that will be addressed include: Real-world issues, considerations and operational impact; Policy development processes to tolerate, support or embrace. BYOD; Why combine ...

 
Intel said it has improved performance and graphics in the upcoming version of its Core chip line, while also slashing power consumption by a whopping 41%.
 
Apple today issued a Java update for OS X Lion and Snow Leopard to make it more difficult for hackers to exploit other vulnerabilities.
 
More than half of all mobile-phone app users surveyed have either declined to download an available app or deleted one from their device because of concerns about the collection of their personal data, according to the survey released Wednesday by the Pew Internet and American Life Project.
 
Motorola Mobility today announced the Droid Razr M, a smartphone with a dual-core processor and a 4.3-in. screen that will sell for $99.
 
SAP is close to having 600 customers for its HANA in-memory database platform and is also making some adjustments to enterprise edition pricing, an executive said during a webcast event on Wednesday.
 
The U.S. Federal Communications Commission is getting ready to measure mobile data speeds in a joint project with major carriers and other participants.
 
Flogr 'index.php' CVE-2012-4336 Multiple Cross Site Scripting Vulnerabilities
 
[Rooted CON 2013] CFP starts!
 
APPLE-SA-2012-09-05-1 Java for OS X 2012-005 and Java for Mac OS X 10.6 Update 10
 
Cross-Site Request Forgery (CSRF) in TestLink
 
Cross-Site Scripting (XSS) in Kayako Fusion
 
Cross-Site Scripting (XSS) Vulnerabilities in Flogr
 
MobileCartly 'savepage.php' Arbitrary File Write Vulnerability
 
[IMF 2013] Call for Papers
 
eFront Enterprise v3.6.11 - Multiple Web Vulnerabilities
 
ES Job Search Engine v3.0 - SQL injection vulnerability
 
eFront Educational v3.6.11 - Multiple Web Vulnerabilities
 
One of the biggest difficulties in using personal finance software is the tedium involved in entering data, especially if you use your Mac at home and your iPhone or iPad on the go. Wouldn't it be easier to just log into one central account and have your app sync everything for you? MoneyWiz does just that.
 
Nokia announced the Windows Phone 8 Lumia 920 and the Lumia 820 smartphones, focusing on the 920's superior camera, augmented reality features and built-in wireless charging.
 
A judge has tossed out some of the claims brought against Oracle by Montclair State University in New Jersey over an allegedly failed ERP (enterprise resource planning) software project.
 
The first stable version of Qubes OS, an open source desktop operating system designed to provide a greater level of security by isolating programs inside virtual machines with different permissions, was released Monday by Polish security firm Invisible Things Lab (ITL).
 
A hard-coded password on a default account could let unauthorised users take full control of industrial network switches as long as they have a guest login. Updated software for the devices is available.
 
A managed security service might be the answer, our manager thinks.
 
Nearly all new mobile malware was directed at the Android platform in the second quarter of 2012, according to the latest McAfee threat report.

 
D-Link's latest addition to its network-attached storage portfolio, the Cloud Storage 4000, can store up to 16TB of data which can be accessed remotely using smartphones or tablets. But the company offers few cloud features to justify the name.
 
French publishers have relaunched a discussion about the republishing of headlines and the first paragraph of articles by Google and other search engines without compensating the provider of the content.
 
The Zero Day Initiative, which is part of HP, has stirred up further trouble for its parent company: it has released information about nine critical security holes in HP products, some of which have remained unpatched for over a year.
 
The AV-Comparatives test lab has examined 13 security programs for Android smartphones. As well as the core anti-virus features, the experts also checked the programs' adware recognition and effect on battery life.
 
As Google touted Chrome's fourth launch anniversary on Tuesday, a pair of Web measurement firms continued to argue about whether the browser is still gaining ground or has stalled.
 
Hackers stole about $250,000 from BitFloor, a BitCoin exchange, and it does not have the money to reimburse account holders, according to the website's founder.
 
Salesforce.com has decided to withdraw its applications to trademark the term "social enterprise" following objections from social organizations who held that the term was understood to describe businesses with a social purpose, it said Tuesday.
 
Taiwan Semiconductor Manufacturing Co. (TSMC) plans to start using 450-millimeter wafers to build its processors in 2018, following delays in the development of the new manufacturing technology.
 
The FBI denied that the 1 million unique device identifiers for Apple devices posted publicly by hacker group AntiSec on Monday had come from its computers.
 
Windows 8 and OS X Mountain Lion support are promoted, but existed already in the previous versions. So what else is new?
 
New to Microsoft PowerPoint 2010? Find your favorite commands from earlier versions of PowerPoint with these charts. Insider (registration required)
 
Whether you're upgrading from PowerPoint 2007 or an earlier version, we've got the goods on how to find your way around Microsoft PowerPoint 2010 and make the most of its features. Insider (registration required)
 
GNOME Gnome-keyring 'GPG' Password Security Bypass Vulnerability
 
The agency says it has no evidence it even had the data. Meanwhile a reporter has donned a tutu in an attempt to get an interview with AntiSec.
 
Posted by InfoSec News on Sep 05

http://arstechnica.com/security/2012/09/secret-account-in-mission-critical-router-opens-power-plants-to-tampering/

By Dan Goodin
Ars Technica
Sept 4, 2012

The branch of the US Department of Homeland Security that oversees
critical infrastructure has warned power utilities, railroad operators,
and other large industrial players of a weakness in a widely used router
that leaves them open to tampering by untrusted employees.

The line of...
 

Posted by InfoSec News on Sep 05

http://www.nextgov.com/cybersecurity/2012/09/navy-seeks-software-assess-and-exploit-network-vulnerabilities/57844/

By Dawn Lim
Nextgov
September 4, 2012

In another indication of the growing market for offensive security
software, the Navy is in the market for a suite of tools that will scan
and assess security holes in networks and exploit unknown glitches in
computer programs, contract documents indicate. The Pentagon’s goal is
to use...
 

Posted by InfoSec News on Sep 05

http://news.cnet.com/8301-1009_3-57504727-83/how-the-pros-thwart-computer-spies-with-james-bond-tricks/

By Elinor Mills
Security & Privacy
CNET News
September 4, 2012

H.D. Moore wasn't taking chances.

During the spring of 2009, the information specialist traveled to
Shanghai on a work trip. For a computer, though, he carried only a
stripped down Netbook that he modified using a trick even James Bond
would have admired. He sawed off...
 

Posted by InfoSec News on Sep 05

http://www.cio.com/article/715394/Broadcaster_Al_Jazeera_Knocked_Offline_with_DNS_Attack?taxonomyId=3089

By Jeremy Kirk
IDG News Service
September 04, 2012

Websites of broadcaster Al Jazeera were offline as of late Tuesday as
the media outlet continued to suffer from an attack against Domain
Name System (DNS) servers.

Al Jazeera's main website was also defaced at one point, according to a
screenshot captured by Zone-H.org, which...
 

Posted by InfoSec News on Sep 05

http://www.wired.com/threatlevel/2012/09/fbi-says-laptop-wasnt-hacked-never-possessed-file-of-apple-device-ids/

By Kim Zetter
Threat Level
Wired.com
09.04.12

The Federal Bureau of Investigation is refuting a statement made by
members of AntiSec this weekend that they hacked the laptop of an FBI
special agent and stole a file containing 12 million Apple device IDs
and associated personal information.

The FBI also said it did not possess a...
 