Hackin9

InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Flexible OLEDs that can be rolled up or wrapped around the sides of smartphones are getting closer to reality. Samsung Electronics showed some of its prototype flexible displays at CES Wednesday and launched a new brand name for them, Youm.
 
TI today demonstrated several prototypes of what it described as hospital-grade medical monitoring devices that can measure everything from your percentage of body fat and water to your blood oxygen saturation.
 
After Microsoft CEO Steve Ballmer made a surprise appearance during a Qualcomm keynote at International Consumer Electronics Show (CES), some analysts wondered how married the company is to Snapdragon chips and the ARM-based ecosystem.
 
Oliver Bussmann, CIO at SAP, boasts he has 6,000 followers on Twitter. He also makes a point of attending trade shows like the International Consumer Electronics Show (CES) to grab ideas on new innovations.
 
Lenovo's new IdeaPhone K900 smartphone, shown at International CES, is a big phone with a 5.5-in. display that's also very lightweight at 5.7 ounces.
 
The FCC plans to allocate more unlicensed spectrum for Wi-Fi to improve performance in crowded public places and in homes, looking to head off a future spectrum crunch.
 

===============
Rob VandenBrink
Metafore
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

 
[SECURITY] [DSA 2604-1] rails security update
 
[SECURITY] [DSA 2603-1] emacs23 security update
 
[ MDVSA-2013:003 ] rootcerts
 
NetSuite is one of the SaaS (software as a service) market's pioneers, having sold its growing family of ERP (enterprise resource planning), e-commerce and other applications since 1998. The vendor's results have been beating Wall Street's predictions, and may yet again in a few weeks, when NetSuite is expected to announce its fourth-quarter and year-end results.
 
Evidence collected from a website that was recently used to flood U.S. banks with junk traffic suggests that the people behind the ongoing DDoS attack campaign against U.S. financial institutions -- thought by some to be the work of Iran -- are using botnets for hire.
 
It's been a year since the introduction of the first Intel Inside handset, but the chip maker is still struggling as rivals Nvidia and Qualcomm have improved the speed and power efficiency of ARM chips.
 
Intel CTO Justin Rattner said the traditional PC couldn't survive in the age of the gadget and that we're in the midst of the rebirth of the PC.
 
Former President Bill Clinton made a surprise appearance at the International CES on Wednesday, where he talked a little about technology and a lot about hot-button political issues like the environment and gun control.
 
Ruby on Rails CVE-2013-0156 Multiple Security Vulnerabilities
 
Admins begin the new year with a light Patch Tuesday that includes two critical bulletins, but they'll also want to pay attention to an exploit in IE.

 
Businesses are overconfident about cyber security and should treat security breaches as inevitable, says business advisory firm Deloitte

 
Samsung has announced its next Exynos processor for smartphones and tablets, an eight-core chip that uses a novel architecture to provide more performance without sucking up battery life.
 
Research In Motion's new BlackBerry 10 operating system looks good and SAP plans to begin supporting RIM handsets for its workforce shortly after the January launch, an SAP executive said Wednesday.
 
Microsoft will issue an emergency update to patch a vulnerability in Internet Explorer in the next two weeks to fix a flaw criminals have been using for more than a month, researchers said.
 
Gibbs starts the New Year with two languages and a new productivity tool.
 
Intel expects to see more innovation in PC design in the next year than there has been since the mid-1990s, an Intel executive said Wednesday.
 
Cisco Unified IP Phone 7900 Series CVE-2012-5445 Local Privilege Escalation Vulnerability
 
GE Proficy HMI/SCADA CIMPLICITY Denial of Service Vulnerability
 
[ MDVSA-2013:002 ] firefox
 
Nero MediaHome Multiple Remote DoS Vulnerabilities
 
Motorola Mobility has withdrawn its claims with regard to its standard-essential patents in its complaint against Microsoft's Xbox before the U.S. International Trade Commission.
 
In 2013, a high-end smartphone should have a full-HD 5-inch screen and a 13-megapixel camera to remain competitive, if products launched at International CES in Las Vegas this week are an indication of the state of the art for mobile devices.
 
 
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0762 Use After Free Memory Corruption Vulnerability
 
Cisco Security Advisory: Cisco Unified IP Phone Local Kernel System Call Input Validation Vulnerability
 
Cisco Security Advisory: Cisco Prime LAN Management Solution Command Execution Vulnerability
 
Cross-Site Scripting (XSS) vulnerability in Quick.Cms and Quick.Cart
 
New Zealand-based PowerbyProxi expects system manufacturers to begin a line of wireless charging products, from pads to charging boxes and even standard-size batteries that can be charged wirelessly.
 
Verizon wants to use its nationwide LTE wireless network to stream the 2014 Super Bowl live, CEO Lowell McAdam told a keynote audience at International CES late on Tuesday.
 

Due to a scheduling conflict with another webcast, we had to cancel today's monthly threat update. However, we will use this opportunity to try something new. We had some complaints in the past with users having problems with our Java-based webcast platform. Already, we are seeing a lot more users downloading the audio-only podcast version of the webcast compared to users actually participating in the live version.

This month, we will try a recorded screencast format, and publish the webcast-)

------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Adobe Flash Player and AIR CVE-2013-0630 Remote Buffer Overflow Vulnerability
 
Third-party assessments can save you the time and money required to verify a vendor's claims for infrastructure and security. (Insider; registration required)
 
At one time or another, we install too much stuff. And who can blame us? The Internet is one big playground with lots to install and play with, and we eventually forget that too many installations can slow down and eventually crash our system. One key to a smooth healthy running computer is to keep it as trim as possible, with as little bloatware as possible. Enter Toolbar Cleaner (free) to make that task really easy.
 
For years, information security experts have predicted a spike in mobile malware. Will 2013 be the year of mobile attacks? And what other security threats are on the horizon?
 

Tom Ridge on DHS's IT Security Role
BankInfoSecurity.com
Ex-DHS Secretary Questions Department's InfoSec Breadth, Depth. By Eric Chabrow, January 8, 2013. Former Homeland Security Secretary Tom Ridge expresses ...

 

 
Those using the Ruby on Rails web application framework on their websites are being advised to update the software immediately after multiple new vulnerabilities were found. It's the second time this month that Rails has been patched because of serious flaws.
 
Google has withdrawn its claims with regard to its standard-essential patents in its complaint against Microsoft's Xbox before the U.S. International Trade Commission.
 
Mozilla has fixed over 20 security holes, 12 of which are rated as critical, across its products. The updates also remove the misappropriated TURKTRUST certificates from the trusted list.


 

 
Dropbox announced a tighter integration with Samsung mobile devices, allowing users to enable file sharing across multiple products from smartphones and cameras to smart TVs.
 
Defending Windows 8 against reports that sales have been sluggish, one of Microsoft's top executives said it will take time for customers to digest the new operating system and for device makers to ramp up production of the hardware users want: Touch-enabled PCs and tablets.
 
Critical problems with XML processed parameters and another with JSON parameter handling have been discovered and updates for Ruby on Rails have been released, though one fix is already causing problems for some users.


 
WordPress Google Doc Embedder Plugin Arbitrary File Disclosure Vulnerability
 
 
The PC market may be taking a beating but chip maker Advanced Micro Devices has no plans to move toward the hot new market: smartphones.
 
Jumping on the big-screen smartphone bandwagon at CES, China's ZTE on Tuesday unveiled a flagship Android phone with a 5-inch full HD display.
 
Adobe is offering advice on mitigating the dangers from currently unpatched vulnerabilities in the ColdFusion application server which are already being exploited in the wild.


 
Important updates have been released for the following products: Windows, Adobe Flash, Reader and Acrobat. However, there is still no solution in sight for the critical hole in Internet Explorer.


 
Relatively quietly, NVIDIA has released a driver update which fixes a security vulnerability which could be exploited by an attacker to obtain administrator privileges on Windows operating systems.


 

Posted by InfoSec News on Jan 09

http://www.csoonline.com/article/725880/ransom-implant-attack-highlight-need-for-healthcare-security

By Taylor Armerding
CSO
January 08, 2013

All healthcare data breaches are not equal.

They're all bad, and reaching epidemic levels. The security testing
company Redspin, for one, found that Protected Health Information (PHI)
breaches nearly doubled from 2010 to 2011. The Department of Health and
Human Services has reported 525 breaches...
 

Posted by InfoSec News on Jan 09

http://www.wired.com/threatlevel/2013/01/subway-hacking-scam/

By David Kravets
Threat Level
Wired.com
01.08.13

A Romanian national is being sentenced in the United States to 21 months
in prison for his role in a successful plot to hack customer
credit-card-processing systems at more than 150 Subway restaurants and
50 other unnamed retailers.

In all, four Romanian hackers compromised the credit-card data of more
than 80,000 U.S. customers...
 

Posted by InfoSec News on Jan 09

http://arstechnica.com/security/2013/01/secret-footsoldier-targeting-banks-reveals-meaner-leaner-face-of-ddos/

By Dan Goodin
Ars Technica
Jan 8 2013

Over the past two weeks, a new wave of Web attacks has battered major US
banks, causing disruptions for many of their online services. Now, an
Israel-based security firm has uncovered one of the secret footsoldiers
behind the mass assault: a compromised website that was rigged to
unleash a...
 

Posted by InfoSec News on Jan 09

http://news.techworld.com/security/3419296/hacker-uses-cat-deliver-virus-clues-japanese-police/

By John E Dunn
Techworld
08 January 2013

The battle between a mysterious hacker and Japanese police has taken a
bizarre turn with the news that the authorities have recovered a memory
card containing new clues sent to them strapped to a cat.

The card is reported by Japanese media as containing evidence that its
sender was behind the...
 

Posted by InfoSec News on Jan 09

http://www.dailynebraskan.com/news/article_6d15f3d6-5a1a-11e2-a4d4-0019bb30f31a.html

By Lis Arneson
Daily Nebraskan
January 9, 2013

The case against a former University of Nebraska-Lincoln student accused
of hacking into the University of Nebraska’s Nebraska Student
Information System on May 23 will head to trial.

Daniel Stratman, 22, refused to enter a plea during his arraignment
Tuesday afternoon before U.S. Magistrate Judge Cheryl...
 
DokuWiki 'ajax.php' Multiple Security Bypass Vulnerabilities
 

Firefox 18.0 and Thunderbird 17.0.2 are just released - the version numbers change so quickly on these now I can't keep track anymore!

Details at:

http://www.mozilla.org/en-US/firefox/18.0/releasenotes/

http://www.mozilla.org/security/known-vulnerabilities/firefox.html

http://www.mozilla.org/en-US/thunderbird/17.0.2/releasenotes/

http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html#thunderbird17.0.2

===============

Rob VandenBrink

Metafore
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 