InfoSec News

Malware increasingly targeting smartphones
Viet Nam News
Research and Development director of CMC Infosec, Vu Lam Bang, said that mobile viruses could steal user information similar to those found crippling computers. In fact, unlike computer hackers who steal information, mobile phone viruses never hijack ...

Cnectd for Android Unspecified Security Vulnerability
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
VMware issued the following security advisories:
The VMware vCenter Chargeback Manager contains a vulnerability that allows information leakage and DoS [1]. VMware recommends applying the patch available here [2].
VMware VirtualCenter and ESX: Oracle (Sun) JRE is updated to version 1.5.0_32, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE [3]. VMware recommends applying the patch for VMware Virtual Center 2.5 Update 6b, available here [4] (registered users with a valid serial number), and ESX350-201203401-SG, available here [5].
The following advisories have been updated:
VMware ESX third party updates for Service Console packages glibc and dhcp (VMSA-2011-0010.3) [6]

VMware ESXi and ESX updates to third party libraries and ESX Service Console (VMSA-2011-0012.3) [7]

VMware third party component updates for VMware vCenter Server, vSphere Update Manager, ESXi and ESX (VMSA-2011-0013.2) [8]
[1] http://www.vmware.com/security/advisories/VMSA-2012-0002.html

[2] http://downloads.vmware.com/d/info/it_business_management/vmware_vcenter_chargeback/2_0

[3] http://www.vmware.com/security/advisories/VMSA-2012-0003.html

[4] http://www.vmware.com/download/download.do?downloadGroup=VC250U6B

[5] http://downloads.vmware.com/go/selfsupport-download

[6] http://www.vmware.com/security/advisories/VMSA-2011-0010.html

[7] http://www.vmware.com/security/advisories/VMSA-2011-0012.html

[8] http://www.vmware.com/security/advisories/VMSA-2011-0013.html
Two new Oracle user group surveys show that customers have a mixed bag of plans for ERP application upgrades.
LSE-2012-03-01: PyPAM -- Python bindings for PAM - Double Free Corruption
OCZ announced new PCIe-based flash cards this week, while at the same time showing off a new Thunderbolt-enabled SSD at CeBIT. It also talked up two upcoming SSDs with 2TB and 4TB capacity, respectively.
The story of this Sony factory, which took the full brunt of a powerful tsunami that washed through a year ago, reflects that of much of Japan's northeastern coast - abrupt tragedy, battled with ingenuity and stoic resolve, and now grim economic reality.
Trade-in values for used Apple iPads plummeted as much as 26% after the company launched its newest tablet Wednesday and began taking pre-orders for delivery by March 16.
A 30-minute video about an African warlord and his army blasted its way onto the Internet this week, lighting up social networks like Facebook and Twitter and becoming a YouTube phenomenon.
Cloud computing price cuts by Google, Amazon and now Microsoft may indicate that businesses are discovering that moving to the cloud doesn't always save costs.
Micron this week announced the first PCIe SSD in a 2.5-in hard drive form factor.
glibc and eglibc 'nis/nss_nis/nis-pwd.c' Remote Information Disclosure Vulnerability
Microsoft on Thursday said it would ship six security updates next week, only one critical, to patch seven vulnerabilities in Windows and a pair of for-developers-only programs.
President Barack Obama has appointed Todd Park, chief technology officer at the U.S. Department of Health and Human Services, as the new CTO for the U.S. government.
Many companies cite data security as their top inhibitor to cloud adoption. Data encryption is a logical security measure, but key management can be tricky. Now there's a new service that simplifies key management while ensuring that no one but the data owner ever knows the master key.
So far this year, the technology sector is off to its best start in the stock market since 2000, right before the dot-com bubble burst, and even though analysts have been forecasting just modest growth in IT spending, there appear to be reasons for continued optimism.
PyPAM Password Null Byte Handling Dereference Denial Of Service Vulnerability
Proposed new European laws on data protection have come under fire from both sides this week.
IBM, whose Watson computer system last year famously beat two of the "Jeopardy!" game show's top contestants, is now looking to deliver the AI-powered computer framework through the cloud.
A team from a French security firm hacked Microsoft's Internet Explorer 9 yesterday at 'Pwn2Own,' making it two browsers busted in two days at the annual contest.
OnLive, a company that recently began offering hosted Windows and Office software remotely from its servers to iPad and Android tablet users, is in violation of Microsoft licensing rules, according to a Microsoft official.
Re: Fwd: 2.6.6 <= phpMyFAQ <= 2.6.8 XSS
VMSA-2012-0003 VMware VirtualCenter Update and ESX 3.5 patch update JRE

TeleSign Selected as the 2012 InfoSec Global Product Excellence Award Winner ...
Technology Digital (press release)
LOS ANGELES, CA--(Marketwire - March 8, 2012) - TeleSign, a market leader in Internet fraud prevention and Intelligent Authentication, today announced that Info Security Products Guide, the industry's leading information security research and advisory ...

VMSA-2012-0002 VMware vCenter Chargeback Manager Information Leak and Denial of Service
Re: gnome-terminal, xfce4-terminal, terminator and others write scrollback buffer to disk
Intelligent Apps' myTaxi won a $33,000 plus two years of mentoring as the top prize among 50 contestants in CODE_n12 competition at the Cebit trade show.
PAK Cyber Pytres hackers No Swear and Dark Sniper have just minutes ago released a further list of 390+ websites that have been hacked and left defaced in the name of the well-known operation that was dubbed #OpFreePalestine.


TeleSign Selected as the 2012 InfoSec Global Product Excellence Award Winner ...
Retail Digital (press release)
LOS ANGELES, CA--(Marketwire - March 8, 2012) - TeleSign, a market leader in Internet fraud prevention and Intelligent Authentication, today announced that Info Security Products Guide, the industry's leading information security research and advisory ...

A hacker going by the handle AaDil Rana (J0e R00t) has dumped what they claim to be 1135 breached credit card details. This happened 3 days ago and we held off publishing until now.

@AnonOpsRomania have leaked data from http://www.adas-fusion.eu/ after it was hacked via SQL injection.


The human element in Infosec
Crain's Cleveland Business (blog)
Security software vendors are going to tell you that you can come very close to fully automating your security solution by buying something that can take a look at the output from all the various software you have installed and give you detailed ...

Two very different Windows-7-based tablets from HP and Samsung offer a variety of features for business and personal use.
The division of Sony that suffered a cyberattack last year, which led to a major PlayStation network outage and sensitive customer data being compromised, has dropped Amazon Web Services for at least a portion of its cloud hosting and computing in favor of an OpenStack platform hosted by Rackspace.
PayPal said Thursday it does not allow its service to be used for the sale of erotic books, but said it was to stay out of legal trouble, and not to impose its moral beliefs on others or restrict free speech.
Western Digital completed Thursday the acquisition of the hard drive business of Hitachi, and set up two subsidiaries with separate brands and products, apparently to meet the conditions of antitrust regulators.
Facebook is acquiring the team at webcam eye-tracking startup GazeHawk, but not its product and technology, GazeHawk said Thursday.
Intel is working to boost data transfer speeds with a faster pipe on Thunderbolt, a high-speed connector technology that links computers with peripherals.
Microsoft will soon shut down the app store for Windows Mobile, the phone platform it is phasing out.
For the second time this week, hackers associated with the Anonymous hacking collective have taken down a website in retaliation for the arrests of several of their prominent members.
Proponents of a common scheme for managing user identity in cloud-based applications will pitch their idea to the Internet's premier standards-setting body at a meeting in Paris later this month.

Posted by InfoSec News on Mar 09


By Dan Goodin
ars technica
March 8, 2012

Less than 24 hours after a Russian hacker pocketed $60,000 by exploiting
a previously unknown critical vulnerability in Google Chrome, company
developers released an update removing the security threat.

The quick turnaround underscores one of the key advantages of Google's...

Posted by InfoSec News on Mar 09


By Cynthia Karena
The Sydney Morning Herald
March 8, 2012

Cyber criminals are not the only ones buying software flaws, say

The Australian government is buying computer security weaknesses found
by hackers before they are sold on the black market, as part of its
defence strategy, claim those at the coal face of cyber security....

Posted by InfoSec News on Mar 09


By Eric Engleman and Chris Strohm
March 7, 2012

The Obama administration will simulate a cyber attack crippling New York
City’s electric supply during a summer heat wave to drum up support for
cybersecurity legislation.

The Federal Bureau of Investigation, National Security Agency and
Justice Department are among...

Posted by InfoSec News on Mar 09


By Ellen Messmer
Network World
March 08, 2012

Should conflict occur, China's cyberwar plans target the U.S., and
today's Chinese joint ventures with U.S. manufacturers in hardware,
software and telecommunications create a "potential vector" for the
People's Liberation Army (PLA) to exploit and compromise, says a report
from the U.S.-China...

Posted by InfoSec News on Mar 09


By Dan Miller
March 08, 2012

LUXEMBOURG -- Manwin, parent company of Digital Playground, has issued a
statement regarding the alleged security breach of the production
company's flagship website, DigitalPlayground.com.

"Due to an alleged security breach, Manwin elected to temporarily shut
down Digital Playground, and related websites, on March 5, 2012," the
statement read....

orionshunter of Bangladeshi black hat hackers has continued the defacing war that has been going on for the past few months now, with an additional 28+ websites now defaced.

Sbkiller from Cyb3rs3c Crew has announced they have hacked an Indian web host, which has resulted in 40+ websites being left with a new front page.

PCP, Pak Cyber Pytres, have hacked and defaced over 150 websites and left the following message and video from the well-known Team Poison, who released the video to help better explain what the operation, dubbed #OpFreePalestine, is all about.

Another government website fell victim today to hackers flying the Anonymous flag and tagging the hack #FFF. The site athenscountygovernment.com/ had its main page defaced with the following message.

27 websites have been hacked by Muslim hackers using the handles Eagle HaXor and PakH3X0r.

VMware vCenter Chargeback Manager Information Disclosure and Denial of Service Vulnerabilities
Anonymous have just announced a fresh #FFF hack and leak which has taken out newyorkironworks.com, a police equipment store that has been around for 17 years.
