InfoSec News

One of our handlers posted this to our list and I thought I would share (thanks Swa). The CVE has concluded the NDSS Conference presentation of Revoked Yet Still Resolvable [1] to be verifiable but due to the protocol. [2]


Richard Porter
--- ISC Handler on Duty (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
A hacker going by the handle of Epoch has hacked and now leaked a bunch of accounts from the Economic Development Association (Scotland), edascot.org.uk.

Saadi and Hax.r00t have taken down 4 Argentina-based websites and left them with some music and a nice message letting them know they have been breached.

Phantom~, with help from AnonOps Sweden, leaked an 80 MB dump of Syrian military and bank accounts.

The target, macforbeginners.com, is a privately owned website that offers help for people starting out with Macs, but really its operators should be looking for help themselves to better protect their clients' information.

Oracle MySQL CVE-2012-0119 Remote Vulnerability
Oracle MySQL CVE-2012-0493 Remote Vulnerability
Oracle MySQL Server CVE-2012-0494 Local Security Vulnerability
The Electronic Privacy Information Center has filed a lawsuit against the Federal Trade Commission to force the agency to take action against Google over planned changes in collecting personal data.
The U.S. government is losing a race in cyberspace -- a social-networking race for the hearts and minds of Internet users, a computer security expert said Wednesday.
Amid widespread concern about its new privacy policies, Google is now facing criticism over an offer to give users Amazon gift certificates if they open their Web movements to the company in a program called Screenwise.
Sourcefire CTO Marty Roesch introduced cloud-based analysis for threat intelligence gathering. Network security monitoring platforms like RSA NetWitness may be headed in a similar direction.

Oracle MySQL CVE-2012-0116 Remote MySQL Server Vulnerability
Oracle MySQL CVE-2012-0120 Remote Vulnerability
Oracle MySQL Server CVE-2012-0484 Remote Security Vulnerability
Cisco Systems posted year-over-year gains in revenue and profit for its fiscal second quarter on Wednesday, reporting net sales up 10.8 percent to US$11.5 billion, and said it met a key cost-cutting goal one quarter early.
The Phoenix Suns have deployed more than 100 Samsung Galaxy Tab 10.1 tablets over Verizon Wireless' 4G LTE network for use by the team's business personnel, players and managers in the current basketball season.
Salesforce.com has made a series of changes to its support services that include the removal of certain features from the Standard tier, but which the company says overall will provide a better experience for customers.
Google patched 20 vulnerabilities in the desktop edition of Chrome and added new anti-malware download warnings to version 17.
The shakeup at Yahoo continues as the company's chairman and three directors stepped down Tuesday. The new board could be gearing up to sell the Internet company, or the new CEO may be looking for a board that will support him.
Until President Barack Obama responded to a question about H-1B visas during an online forum last week, the administration had said little about the controversial program.
SquirrelMail Multiple HTML Injection, Cross Site Scripting, and Security Bypass Vulnerabilities
SquirrelMail Remote Denial of Service Vulnerability
A report Tuesday, from the website 9to5Google, said Google is close to coming out with eyeglasses, or goggles, equipped with processing power, storage and Android phone functionality.
Just as it enjoys an initial surge of popularity, a new social networking site called Pinterest is also experiencing its first bout of controversy. Observers are accusing the site of secretly embedding code in user content to generate revenue.
Digital Certificate Authority Trustwave revealed that it has issued a digital certificate that enabled an unnamed private company to spy on SSL-protected connections within its corporate network, an action that prompted the Mozilla community to debate whether the CA's root certificate should be removed from Firefox.
Google's motto of "Do No Evil" apparently extends to its environmental policies, as the company was recently ranked first on Greenpeace's Cool IT Leaderboard for overall green practices. Google grabbed the top spot for the first time, ranking high due to recent disclosure of its own carbon footprint as well as its investment in utility projects such as a large-scale solar project taking place near Sacramento. Other reasons it made the top of the list? The RechargeIT.org project, which was designed by Google to demonstrate the technology used in plug-in electric vehicles and to accelerate their adoption, as well as other actions such as increasing its renewable energy purchasing and creating a subsidiary called Google Energy.
Novell Open Enterprise Server iPrint CVE-2011-4194 Remote Buffer Overflow Vulnerability
Adobe Acrobat and Reader BMP Resources Signedness Memory Corruption Vulnerability
ZDI-12-030 : IBM Rational Rhapsody BBFlashBack.Recorder.1 TestCompatibilityRecordMode Remote Code Execution Vulnerability
ZDI-12-029 : IBM Rational Rhapsody BBFlashBack.Recorder.1 InsertMarker Remote Code Execution Vulnerability
ZDI-12-028 : IBM Rational Rhapsody BBFlashBack.FBRecorder.1 Control Multiple Remote Code Execution Vulnerabilities
European researchers may have found a way to speed up data storage 100-fold, breaking one barrier holding back how fast data can be transferred.
Microsoft said it will host a launch event for the Windows 8 beta on Feb. 29 in Barcelona, the site of the Mobile World Congress.
Google plans to remove online certificate revocation checks from future versions of Chrome, because it considers the process inefficient and slow.
Computer Sciences Corp. reported a US$1.39 billion loss for its third fiscal quarter, with revenue down 5.8 percent year on year. Performance was dragged down by a $1.49 billion charge related to the U.K. government's cancellation of a health IT contract, it said Wednesday.
ZDI-12-031 : Novell iPrint Server attributes-natural-language Remote Code Execution Vulnerability
ZDI-12-026 : IBM SPSS ExportHTML.dll ActiveX Control Render Method Remote Code Execution Vulnerability
ZDI-12-025 : EMC Networker indexd.exe Opcode 0x01 Parsing Remote Code Execution
ZDI-12-024 : Total Defense Suite UNC Management Web Service uncsp_ViewReportsHomepage SQL Injection Vulnerability
Chrome for Android will not run Flash Player, the popular software that Apple has famously banned, Adobe confirmed.
Rambus and Nvidia have settled past lawsuits and signed a patent agreement covering a broad range of integrated circuit products, Rambus said on Wednesday.
A push by European authorities to strengthen the European Union's cyber security watchdog has been given a green light by parliamentarians.
Multiple Horde Products Cross Site Scripting and HTML Injection Vulnerabilities
Novell Sentinel Log Manager 'filename' Parameter Directory Traversal Vulnerability
ZDI-12-023 : Total Defense Suite UNC Management Web Service Database Credentials Disclosure Vulnerability
ZDI-12-021 : Adobe Reader BMP Resource Signedness Remote Code Execution Vulnerability
[security bulletin] HPSBMU02742 SSRT100740 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Unauthorized Disclosure of Information

Business is booming for 'malware as a service' merchants
"The life cycle of [malware] products is the most amazing aspect," writes Pierluigi Paganini, a certified ethical hacker and founder of Security Affairs in Italy, in an article posted this past week on Infosec Island. "From design to release to ...

Cyberoam Central Console v2.00.2 - File Include Vulnerability
Multiple vulnerabilities in ZENphoto
Computer Sciences Corp. reported a $1.39 billion loss for its third fiscal quarter, with revenue down 5.8% year on year.
Cognizant Technology Solutions posted strong growth in revenue and profits in the fourth quarter of 2011, indicating that a few focused players continue to grow, even as demand for offshoring is flat because of uncertain economic conditions.
Sprint says it sold 1.8 million iPhones between October and December 2011, of which roughly 720,000 were new customers, but the cost of subsidizing Apple's smartphone raised the company's losses to $1.3 billion, compared with $929 million year-on-year.
[security bulletin] HPSBUX02741 SSRT100728 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass
Unauthenticated remote code execution on D-Link ShareCenter products
Why do some enterprise managers decide to brave their way into the new and unknown of cloud-based services? Sometimes it's simply because the old technology just isn't working out that well anymore.

SANS Course Poll
We are running a poll with the South African infosec community allowing you to have a say on the course selection. Let us know which of the introductory 2 day courses you would most like to see presented. One lucky respondent will win free entrance to ...

Oracle is hoping to carve out a prominent place in the world of R, the open-source statistical modeling language with roots in academia but an increasingly high profile in enterprise IT shops. It announced a new Advanced Analytics product on Wednesday that ties R to its database and family of software-hardware appliances.
CSC ended four months of speculation about the identity of its next CEO late Tuesday, announcing that Mike Lawrie, currently CEO of British IT service company Misys, will become CEO of CSC by the end of March. He has already taken a seat on CSC's board.
In a picturesque spot overlooking San Francisco Bay, the U.S. Department of Energy's Berkeley Lab is building a new computing center that will one day house exascale systems.
MongoDB shines with broad programming language support, SQL-like queries, and out-of-the-box scaling
Now that most smartphone plans offer only tiered plans (rather than unlimited data usage), how close are you to pushing past your limit -- and paying more than you want?
Nokia has decided to move more of its manufacturing to Asia, and will lay off approximately 4,000 workers at three factories in Europe and Mexico by the end of the year, the company said on Wednesday.
Google is planning to send a letter to standards setting organizations, stating that Motorola Mobility's standards-essential patents will continue to be available on FRAND terms after its acquisition of the company, a person close to the situation said late Tuesday.
The project, three years in the making and still in beta, is just starting to be rolled out by government and planning agencies.
@SwaggSec has hacked and leaked a huge amount of information from .foxconn.com, which works with high-profile names such as Intel, IBM and others.

Hackers from a well-known group that mostly stays quiet about its attacks and work have come out with a big hit on the Nigerian government. The hack, which comes in three parts, is part of OpNigeria, an operation that's set out to expose the Nigerian government.
