Salesforce.com is to acquire Clipboard, a Web clipping and sharing service, and is closing down the service.
A vast debit card fraud scheme that allegedly netted US$45 million has been linked to the hacking of credit card processors in the U.S. and India.
Hackers who commandeered The Onion's Twitter account used simple but effective phishing attacks to obtain passwords, according to a writeup by the publisher's technology team.
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Twitter has acquired Ubalo, a company that provides various services aimed at speeding up the coding process, the social network announced Thursday.
Box has acquired Crocodoc in a move to significantly improve the way documents are rendered for viewing on its enterprise storage and file sharing service.
Not everything on YouTube is free any more. The video-sharing website will now charge users a monthly fee to view certain content offered through subscription channels, the Google-owned site announced Thursday.
Microsoft is still working on a permanent fix for the IE8 zero-day found in the Dept. of Labor website attack. Also: Adobe preps ColdFusion patch.

The IE8 zero-day attack planted in the U.S. Labor Department's website highlights how few organizations can ward off never-before-seen attacks.

The first mobile devices to use Nvidia's Tegra 4 chips will be announced this quarter, meaning smartphones and tablets based on the new processor should be available soon.
With the backing of its new parent company, Yammer more than tripled its revenue year on year in the quarter that ended in March.
3D printing has been attracting more attention in recent months as a tool to create gadgets, toys and miniature works of art. Now President Barack Obama thinks it can also play a role in strengthening the military and America's sagging manufacturing industry.
The U.S. Federal Communications Commission has taken a major step toward helping more airlines offer in-cabin wireless broadband, with the agency voting Thursday to explore using new spectrum for air-to-ground broadband service.
The U.S. Department of Defense Trade Controls has apparently ordered Defense Distributed to remove the blueprints for a 3D printable gun from its website.
New legislation introduced by a group of U.S. lawmakers would require mobile application developers to obtain consent from consumers before collecting their personal data and to secure the data they collect.

Federal authorities have accused eight men of participating in 21st-century bank heists that netted a whopping $45 million by hacking into payment systems and eliminating withdrawal limits placed on prepaid debit cards.

The eight men formed the New York-based cell of an international crime ring that organized and executed the hacks and then used fraudulent payment cards in dozens of countries to withdraw the loot from automated teller machines, federal prosecutors alleged in court papers unsealed Thursday. In a matter of hours on two separate occasions, the eight defendants and their confederates withdrew about $2.8 million from New York City ATMs alone. At the same times, "cashing crews" in cities in at least 26 countries withdrew more than $40 million in a similar fashion.

Prosecutors have labeled this type of heist an "unlimited operation" because it systematically removes the withdrawal limits normally placed on debit card accounts. These restrictions work as a safety mechanism that caps the amount of loss that banks normally face when something goes wrong. The operation removed the limits by hacking into two companies that process online payments for prepaid MasterCard debit card accounts issued by two banks—the National Bank of Ras Al-Khaimah PSC in the United Arab Emirates and the Bank of Muscat in Oman—according to an indictment filed in federal court in the Eastern District of New York. Prosecutors didn't identify the payment processors except to say one was in India and the other in the United States.


DDIVRT-2013-53 Actuate 'ActuateJavaComponent' Multiple Vulnerabilities
ESA-2013-021: EMC Documentum Multiple Vulnerabilities
Re: Vulnerabilities in Windows 8 Professional x64 factory preinstallation of Fujitsu Lifebook A512 [continued]
Amazon is reportedly developing a smartphone that sports a 3D screen that relies on retina-tracking technology to make images seem to float above the screen like a hologram.
PayPal's security chief wants to kill the password—without forcing you to carry around one of these.

PayPal's top security official is on a quest to kill passwords.

"Our intention is to really obliterate, within a certain number of years, both passwords and PINs and see the whole Internet—including internally in enterprises—obliterate user IDs and passwords and PINs from the face of the planet."

That's what Michael Barrett, chief information security officer at PayPal, told the network industry today at the Interop conference in Las Vegas. Barrett's second job is as president of the FIDO Alliance, a recently unveiled consortium trying to create an open standard that could replace passwords. Google, Lenovo, and other companies have representatives on FIDO's board of directors.


ESA-2013-037: EMC AlphaStor Buffer Overflow Vulnerability
Vulnerability in "Fujitsu Desktop Update" (for Windows)
[security bulletin] HPSBMU02786 SSRT100877 rev.2 - HP System Management Homepage (SMH) Running on Linux, Windows, and VMware ESX, Remote Unauthorized Access, Disclosure of Information, Data Modification, Denial of Service (DoS), Execution of Arbitrary Cod
Samsung has built several different Galaxy S4 smartphones, including a U.S. version running a Snapdragon processor that requires an extra image processor to enable heavily promoted user functions such as eye-movement recognition.
Microsoft today said it will issue 10 security updates next week, two rated "critical," to patch 34 vulnerabilities, including the zero-day bug that has been used by cyber criminals to poison "watering hole" websites in attacks aimed at U.S. government workers.
Intel has acquired two software companies as it continues to build its burgeoning portfolio to include more tools to write and manage programs and interfaces.
Google Glass developers and early adopters should be getting a software upgrade within the next week that adds tweaks to Google+, Gmail and search.
One of the first Google Glass apps, Winky, lets Glass users take pictures with the blink of an eye, leading some to start talking about potential privacy issues and social etiquette. Would you buy a pair of Google Glass when it becomes available?
SAP's Sapphire conference kicks off next week in Orlando, setting the stage for the company to sell customers on its visions for cloud-based applications, in-memory computing and mobility.
U.S. President Barack Obama has signed an executive order requiring that government data be made available in open, machine-readable formats, expanding open-access requirements from earlier in his administration.
Facebook has attracted "just about" 1 million downloads of its Home application in its first month of availability.
Western Digital has unveiled more information on its first hybrid solid-state drive, revealing that it worked with SanDisk to create the 500GB drive.
Microsoft released a temporary fix to mitigate attacks using the most recent Internet Explorer 8 zero day vulnerability.

Facebook reportedly is in talks to buy a popular Israeli-based crowd-sourced mapping and traffic app.
phpMyAdmin 'filename_template' Remote Code Execution Vulnerability

On Monday, the "hacktivist" group Syrian Electronic Army (SEA) briefly took over the Twitter account of the satirical news publication The Onion, posting a series of anti-Israeli "joke" stories and an anti-Obama "meme" image. The Onion returned fire with its own joke story, "Syrian Electronic Army Has A Little Fun Before Inevitable Upcoming Death At Hands of Rebels."

Putting all jokes aside, The Onion's technology team yesterday made a post describing how the SEA had managed to compromise the accounts of a number of employees and take control of the Twitter feed—a series of phishing attacks that took advantage of the organization's use of Google Apps.

According to The Onion's Chris Sinchok, the attack started as a series of phishing e-mails to Onion staff members, which included a link to what appeared to be a Washington Post article. The URL was actually a link to a hacked website that redirected to a fake Google Apps login page. "At least one Onion employee fell for this phase of the phishing attack," the security team reported in the blog post. That employee's credentials were used to gain access to the employee's Google Apps e-mail account, which was then used by the attackers to send further phishing attacks from an internal Onion address, using a link to the same fraudulent Google Apps login page.


Details of how recent hijackings of high-profile news site Twitter accounts were carried out have been scarce, but The Onion, itself a victim, has now detailed the timeline of phishing and hijacking that took place when it lost control of its tweets.

RETIRED: GroundWork Monitor Enterprise 'Noma' Component Multiple Input Validation Vulnerabilities


John Bambenek

bambenek \at\ gmail /dot/ com

Bambenek Consulting

GroundWork Monitor Enterprise 'NeDi' Component Multiple Security Vulnerabilities
Firefox for Windows 8's "Modern" user interface (UI) will likely wrap up development this fall, Mozilla said on its website in a best case-worst case schedule.
OnApp and Dell have teamed up to create pretested cloud packages for service providers and make it easier for them to roll out services, which could result in more competition in the cloud space.
The rapid rise of cloud computing means corporate IT may no longer be the cheapest purveyor of application hosting, infrastructure, storage and other services. The sooner IT leaders come to terms with this, the better.
Adobe has warned users of its ColdFusion application server platform of a critical vulnerability that could give unauthorized users access to sensitive files stored on their servers.
GroundWork Monitor Enterprise Multiple Security Vulnerabilities
GroundWork Monitor Enterprise XML External Entity Injection And Command Injection Vulnerabilities
GroundWork Monitor Enterprise 'Cacti' Component Authorization Security Bypass Vulnerability
GroundWork Monitor Enterprise 'Performance' Component Arbitrary File Overwrite Vulnerability
As the need for mobile apps developers increases and interest in computer science courses wanes, professional educator-programmers are reaching out to a younger generation of potential coders: students as young as 10.
Domain registrar Name.com forced its customers to reset their account passwords on Wednesday following a security breach on the company's servers that might have resulted in customer information being compromised.
All versions of Ubuntu 11.10, the desktop version of Ubuntu 10.04.4 LTS, and the server edition of Ubuntu 8.04.4 LTS reach their end of life today. Canonical recommends users upgrade as soon as possible.

A critical vulnerability allows attackers to read any file from a ColdFusion server, and there is no fix currently available. Adobe is offering mitigation advice until it can ship a fix next week.

Pioneer will soon launch a new car navigation system in Japan that uses dashboard cameras to scan the road ahead for approaching street signs and other cars, and will share images of road conditions with other vehicles.
Microsoft this week said that it had sold 100 million licenses of Windows 8 in the operating system's first six months. But how many copies are being used?
Apple retook its spot as China's fifth largest smartphone vendor in the first quarter, as the country's market grew to triple the size of the U.S.'s.
Have a presentation or a favorite video hiding in your smartphone? One of these five mobile projectors will let you show off.
The upcoming Firefox OS will appear on higher-end smartphones, and not just entry-level handsets, with Sony expected to release a premium device running the operating system, a Mozilla executive said.
Microsoft has released a "Fix It" for the recently discovered Internet Explorer 8 vulnerability and hints that a full fix may be in the coming Patch Tuesday updates.

Xen CVE-2013-1952 Local Denial of Service Vulnerability
Xen Page Table Manipulation CVE-2013-1918 Denial of Service Vulnerability

Johannes B. Ullrich, Ph.D.
SANS Technology Institute

Kindergarten rules for living well can get you in trouble in the corporate world. Now, there is an app for business complications of the worst type.
LG's new Optimus G Pro smartphone brings a fresh dose of elegance to the supersized smartphone form. Could it be the new heavyweight champion?
Nokia has expanded its line of phones with the Asha 501, which comes with an improved touch user interface to help keep low-cost Android-based products at bay.
ERDAS ER Viewer 'ERM_convert_to_correct_webpath()' Function Stack Buffer Overflow Vulnerability
Sony made good on a promise to return to profitability after offloading a number of valuable assets last year, but its core electronics business is still losing money.
Proposed legislation in California aims to ban guns made using 3-D printing, after the organization Defense Distributed fired a handgun made with the technology and said it would distribute its drawings online.
Internet Storm Center Infocon Status