New software ported from Windows to Mac! You'll never guess what. Yes, it's ...
The infosec biz tracked the development of the software to a group it has named GREF due to the gang's habit of dropping references to Google in their nefarious activities. GREF has targeted US defense contractors to electronics and engineering ...

and more »
MIT Kerberos 5 CVE-2014-4344 NULL Pointer Dereference Remote Denial of Service Vulnerability
Django CVE-2014-0482 Authentication Bypass Vulnerability
Rsync F_Name Off-By-One Buffer Overflow Vulnerability
MIT Kerberos 5 CVE-2014-4343 Remote Denial of Service Vulnerability
OpenSSL SRP CVE-2014-3512 Remote Denial of Service Vulnerability
LinuxSecurity.com: Multiple vulnerabilities has been found and corrected in glibc: When converting IBM930 code with iconv(), if IBM930 code which includes invalid multibyte character 0xffff is specified, then iconv() segfaults (CVE-2012-6656). [More...]
LinuxSecurity.com: New php packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. [More Info...]
LinuxSecurity.com: New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues. [More Info...]
LinuxSecurity.com: New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues. [More Info...]
LinuxSecurity.com: Security Report Summary
LinuxSecurity.com: formail could be made to crash or run programs if it processed speciallycrafted mail.
LinuxSecurity.com: A vulnerability has been found and corrected in apache (ASF HTTPD): The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass RequestHeader unset directives by placing a header in the trailer portion of data sent with chunked transfer [More...]
Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability

Posted by InfoSec News on Sep 05


By Jeremy Kirk
IDG News Service
Sep 4, 2014

There's a seedy trade in compromising photos stored in Apple iCloud
accounts, and it is in part aided by a software program that cleanly
collects the data.

Some of the nude celebrity photos are believed to have first been
circulated on Anon-IB, a definitely not...

Posted by InfoSec News on Sep 05


By John E. Dunn
04 September 2014

More than a decade after phishing attacks became the standard way of
getting around corporate defences, all but a tiny minority of employees
still fall for this kind of email, a McAfee test of UK-based workers has

After crunching numbers on 1,755 people who took the firm’s...

Posted by InfoSec News on Sep 05


By William Knowles @c4i
Senior Editor
InfoSec News
September 5, 2014

Unknown hackers breached a test server with malware on a Health and Human
Services (HHS) site that supports the Obamacare insurance website

The commonplace malware was designed to launch “denial of service” attacks
against other websites, HHS said, and there is no evidence any...

Posted by InfoSec News on Sep 05


By Robert Lemos
Ars Technica
Sept 4, 2014

Home Depot has not yet confirmed that a slew of fraudulent transactions
came from a breach of its systems, yet an increasing body of evidence is
mounting that points to a massive compromise linked to the home-supply
retail chain.

Financial institutions first detected the suspected breach when a...

Posted by InfoSec News on Sep 05


By Hugh Son and Michael Riley
Sep 5, 2014

As hackers pierced JPMorgan Chase & Co.’s (JPM) defenses in June, the
bank’s cybersecurity chief was just getting acquainted with his employer
and its sprawling technology infrastructure.

Greg Rattray, a former U.S. Air Force commander for information warfare,

Swiss Infosec feiert
Der Surseer Security-Spezialist Swiss Infosec feiert dieses Jahr sein 25-jähriges Bestehen. Das Unternehmen wurde 1989 von Reto Zbinden gegründet und fokussiert auf Informationssicherheit, IT-Sicherheit und Datenschutz. Aktuell arbeiten 30 Spezialisten ...
Happy Birthday Swiss Infosec AG! (VIDEO)news aktuell Schweiz (Pressemitteilung)

all 5 news articles »

In Cloud We Trust: A New Model
Dark Reading
Furthermore, the way that InfoSec teams classify and treat data has to align to the new business and usage contexts of cloud and mobile. In other words, data identification and classification schemes have to be intuitive and simple in order for the ...


Apple plans to send out more e-mails to alert users of a potential security risk following the hacking of celebrities’ iCloud accounts.

Apple CEO Tim Cook told The Wall Street Journal on Thursday that users will soon be able to receive e-mail notifications when iCloud data is restored. Apple already sends e-mails to users when a new password is requested, when a password is changed, or when an account is used on a new device for the first time.

The company will start to send out the new notifications in two weeks, according to the WSJ. It will also expand the two-step verification process—which requires a separate code or a key in order to log in to an account—to include access to an iCloud account on the new iOS.

Read 3 remaining paragraphs | Comments

Internet Storm Center Infocon Status