(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
A stronger set of features, possibly including payments, might be coming to Facebook's messaging properties now that former PayPal president David Marcus has come to work for the social network.

Investigators said they have identified a secretive hacking group that has spent years systematically targeting US partners in the space and satellite industry, most likely on behalf of the Chinese military.

The group typically gains a foothold in sensitive networks by attaching booby-trapped documents to e-mails, according to a 62-page report published Monday by Crowdstrike, a firm that conducts forensic investigations on behalf of customers who have suffered security breaches. When employees click on the documents, the attackers are able to gain control over their PCs. The attackers then use the PCs to take control of servers housing blueprints, customer lists, or other sensitive data. The group, dubbed as Putter Panda, is connected to Unit 61486 of the People Liberation Army's (PLA's) Third General Staff Department, according to the report.

"Putter Panda is a determined adversary group, conducting intelligence-gathering operations targeting the Government, Defense, Research, and Technology sectors in the United States, with specific targeting of the US Defense and European satellite and aerospace industries," Crowdstrike researchers wrote. "The PLA ’s GSD Third Department is generally acknowledged to be China’s premier Signals Intelligence (SIGINT) collection and analysis agency, and the 12th Bureau Unit 61486, headquartered in Shanghai, supports China’s space surveillance network."

Read 2 remaining paragraphs | Comments

Hewlett-Packard is joining some aggressive startups in claiming flash can match the cost of high-end disk drives.
Well, that was awkward: Facebook just did a Snapchat of its own, briefly releasing a rival disappearing-photo app and then pulling it.
A Chinese hacking group that has attacked U.S. and European aerospace and communications companies is almost certainly linked to the Chinese military, a U.S. Internet security company said Monday.
Hewlett-Packard has entered the market for supercomputers with a new Apollo family of systems, including a high-end machine that has a novel water-based system to keep it cool.
GnuTLS 'gnutls_x509_dn_oid_name()' Function NULL Pointer Dereference Denial of Service Vulnerability
An Israeli company and the aluminum giant Alcoa Canada have demonstrated a car using a combination of aluminum-air and lithium-ion storage technologies that can travel vast distances between charges.
A computer-powered chatbot that supposedly passed the Turing Test for artificial intelligence may not be all it's cracked up to be.
The state of enterprise tech has moved from company-centric to user-centric, and IT leaders -- faced with fickle consumer-business users -- must learn to understand 'the need' not 'the ask.'
Tesla CEO Elon Musk plans to open up the designs for free, fast-charging electric vehicle stations in order to create a standard other car makers can use.
One federal regulator sees a potentially bright future in driverless cars like those made by Google -- if their technology actually succeeds in making roads safer.
Apple's iPhone may continue to shed global market share in the next five years, but its portion of total revenue will remain stable because Apple will resist slashing iPhone prices, a research analyst said today.
Latching on to the growing success of the Node.js platform, development tools provider Progress Software has acquired Modulus, which offers a platform for running the Node.js JavaScript runtime.
CompTIA's CertMaster combines principles from neurobiology, cognitive psychology and game studies to help you learn new material and retain it for the long term.

Two 14-year-old Canadians hacked a Bank of Montreal ATM after finding an operators manual online. The manual showed how to gain administrative control of the device, according to a media report published over the weekend.

When Matthew Hewlett and Caleb Turon tested the instructions against an ATM at a nearby supermarket, the ninth graders didn't expect them to work, The Winnipeg Sun reported Sunday. To their surprise, the machine quickly prompted them for a password. Even more surprising, their first guess—a six-character password that's common among default settings—let them in. The boys then reported their lunch-hour caper to bank employees, who at first thought the duo had merely acquired the PINs of an ATM customer.

"I said: 'No, no, no. We hacked your ATM. We got into the operator mode,'" Hewlett was quoted as saying. Then, the bank employees asked for proof.

Read 3 remaining paragraphs | Comments

Talk to any information security professional over the past decade about a number of their greatest perceived challenges when it comes to doing their job. More often than not you'll hear about how their organization's business leadership didn't provide them the support and space they need to secure their organizations properly. One way you'll hear this is when it comes to the lack of budget. Another way you'll often hear this expressed, is as security "doesn't get a seat at the table."
Amtrak is exploring ways it can upgrade the on-board Wi-Fi on its Acela trains between Washington and Boston, now notoriously poor for passengers, especially during rush-hour travel.
DNN (DotNetNuke®) dnnUI_NewsArticlesSlider Module Arbitrary File Download Vulnerability
DNN (DotNetNuke®) eventscalendar Module Arbitrary File Download Vulnerability
DNN (DotNetNuke®) responsivesidebar Module Arbitrary File Download Vulnerability

Women in InfoSec: Building Bonds & New Solutions
Dark Reading
As a woman working in InfoSec for over a decade and a half, I've had the pleasure of becoming good friends with a number of other women in the field. It has occurred to me over the years how similar many of our stories are, both in terms of what ...

and more »
Premier 100 IT Leader Chad Long also answers questions on shaping one's career, moving into security, and the comparable merits of certs in project management and business analysis.
[security bulletin] HPSBMU03024 rev.3 - HP Insight Control Server Deployment on Linux and Windows running OpenSSL with System Management Homepage and Systems Insight Manager, Remote Disclosure of Information
DNN (DotNetNuke®) CodeEditor Module Arbitrary File Download Vulnerability
DNN (DotNetNuke®) ASPSlideshow Module Arbitrary File Download Vulnerability
[SECURITY] [DSA 2953-1] dpkg security update
RadioShack plans to expand its same-day Fix It Here in-store service for cell phones and tablets to more than 700 stores nationwide by year's end.
Despite the iCloud enhancements and new features Apple talked up at WWDC, don't expect the company to broadly compete in the online storage market.
By and large, the major websites hit by Heartbleed have recovered. So have the bad guys, who are undoubtedly plotting their next move. Here, security experts offer their take on five large-scale, Heartbleed-level vulnerabilities for which CIOs should prepare.
IBM Java SDK CVE-2014-0878 Security Bypass Vulnerability

A Multidisciplinary Approach to InfoSec
Imagine a cyber-attack that disables an electricity distribution center. What's the role of the U.S. military, government or the utility company in defending and retaliating? That's a question on the mind of Army Col. Gregory Conti. Conti is director ...

Amazon.com is hoping to convince more European developers to create apps for the Fire TV streaming media player at a developer event in London.
Lynis '/tmp' Symlink Vulnerability
PHP '/tmp/phpglibccheck' Symlink Vulnerability
Information governance covers the entire spectrum of information management, but most people have a fuzzy notion of what it is. This must change, because the real value of information can't be fully realized unless it is properly governed.
Microsoft's situation in 2014 is eerily similar to IBM's in the late 1980s, and it can save itself the same way.
The question you need to consider concerns the great workforce changes that have shaken up the work environment over the past three decades.
Many enterprise IT leaders say there are benefits to doing business with startup vendors.
New technology trends are driving big changes in the vendor landscape and creating a once-in-a-career opportunity for savvy CIOs. Huge price cuts, packaged deals, favorable contracts and unique partnerships with big-time vendors are now within reach.
NASA successfully transmitted a high-definition video 260 miles from the International Space Station to Earth using a new laser communications instrument.
How can you use your resume to give prospective employers insight into how you helped your past employers?
A growing number of IT departments are moving development work to the cloud, allowing a faster responses to business requests with fewer people, disruptions and costs. Insider (registration required)
Our manager decides that, like users, resources on the network should adhere to the rule of least privilege.
The University of Michigan is building a 32-acre simulated city center complete with building facades, stoplights, intersections, traffic circles, and even construction sites to test driverless cars.
Apache Mesos, a software package for managing large compute clusters that's been credited with helping Twitter to kill its Fail Whale, is being primed for use in the enterprise.
Internet Storm Center Infocon Status