Hackin9
Hewlett-Packard has kicked off an ambitious project that aims at nothing less than reinventing the basic architecture of computers. It looks like servers are its initial target, but HP is also working on an Android version that it says could lead to smartphones with 100TB of storage.
 
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
A U.S. federal appeals court ruled Wednesday that law enforcement officials need to have a warrant to access phone location data from cellular carriers.
 
Mozilla Firefox CVE-2014-1540 Memory Corruption Vulnerability
 
Mozilla Firefox CVE-2014-1542 Remote Buffer Overflow Vulnerability
 
Mozilla Firefox/Thunderbird CVE-2014-1536 Memory Corruption Vulnerability
 
Mozilla Firefox/Thunderbird CVE-2014-1537 Memory Corruption Vulnerability
 
Days after Samsung introduced a Tizen OS-based smartphone, a UK-based analyst declared the operating system a non-starter, despite its backing by a consortium of heavyweights including Intel, Samsung and LG Electronics.
 
Rep. Eric Cantor, the House majority leader who lost a primary bid Tuesday for re-election, was a reliable "yes" vote for increasing the H-1B visa cap. The man who beat him, David Brat, won't be.
 
The American Medical Association today voted to approve a list of guiding principles for ensuring the appropriate coverage of and payment for telemedicine services.
 
Linux Kernel CVE-2014-3940 Unspecified Security Vulnerability
 
QEMU Multiple Memory Corruption Vulnerabilities
 
Twitter on Wednesday was briefly overrun by a powerful computer worm that caused tens of thousands of users to tweet a message that contained self-propagating code exploiting a bug in the TweetDeck app.

Within a few hours, the cross-site scripting (XSS) attack caused at least 84,700 users (initially reported as 37,000) to retweet a single message originally transmitted by the user @derGeruhn. The body of the message contained JavaScript commands that caused anyone viewing it in TweetDeck to automatically retweet it. The message spread virally. The more times it was retweeted, the more times it was viewed and retweeted by other people using the vulnerable app. The BBC News Twitter account alone pushed the message to 10.1 million followers.

It's by no means the first time a worm has slithered through Twitter. Worms based on clickjacking exploits and XSS attacks were documented as long ago as 2009 and were also used maliciously in 2011 to spread scam messages.

 
As spring comes to a close, it's an ideal time to clear the clutter from your resume. It's key to make sure you present only relevant, current information in the most attractive way possible. Here, three experts weigh in on what to toss out and what to keep.
 
Web applications may one day surpass desktop applications in function and usability -- if developers have more programming languages to choose from, according to a Google engineer.
 
This week robots with no human handler will be making their way through a field, searching for hockey pucks, blue rocks, wooden cubes and the like.
 
Target has hired a chief information security officer, a move that's noteworthy mainly because it is the first time the company has had anyone in this role -- even though it is one of the largest retailers in the U.S.
 
Lowes plans to roll out augmented reality rooms in stores that allow customers to recreate areas of their homes so they can try out furniture, appliances, flooring and other products before buying them.
 
There's no good reason Microsoft can't adopt Apple's "Handoff" technology in its iOS and OS X Office apps, an analyst said today.
 
Blog by Chris Greer, Senior Executive for Cyber-Physical Systems at the National Institute of Standards and Technology. In the early 1990s, a Web page consisted of crude, rainbow-colored, text-filled boxes that hyperlinked to more text. ...
 
Facebook is branching out from its flagship "blue app" to become a broad-based technology company both in its products and behind the scenes.
 

News aggregator Feedly was made inaccessible by attackers who are demanding a ransom to stop their crippling assault. Two other cloud-based servers, Evernote and Deezer, have also buckled under distributed denial of service (DDoS) attacks in recent days.

Most or all of Feedly's 12 million or so users were unable to access its website early Wednesday morning. A few hours later, parts of the site gradually came back online. In an advisory, officials wrote:

2:04am PST – Criminals are attacking feedly with a distributed denial of service attack (DDoS). The attacker is trying to extort money from us to make it stop. We refused to give in and are working with our network providers to mitigate the attack as best as we can.

We are working in parallel with other victims of the same group and with law enforcement.

We want to apologize for the inconvenience. Please know that your data is safe and you will be able to re-access your feedly as soon as the attack is neutralized.

On Tuesday, Evernote also experienced connectivity problems that it attributed to DDoS attacks. The service seemed to be working normally as of press time. Cloud-based music service Deezer suffered a DDoS attack over the weekend, according to The Inquirer, which cited e-mails company officials sent to subscribers.

 
chkrootkit 'slapper()' Function Local Privilege Escalation Vulnerability
 
LongTail JW Player CVE-2012-3351 Cross Site Scripting Vulnerability
 
A new Trojan program that can spy on victims, steal login credentials and interfere with browsing sessions is being sold on the underground market and might soon see wider distribution.
 
Most mobile applications will collect and analyze information about end users by 2015, a trend that raises both rewards and risks for enterprises, according to analyst firm Gartner.
 
Except for a brief period after buying Sun Microsystems four years ago, Oracle's hardware business has been largely overlooked.
 
China makes headlines every other week for its censorship of the Internet, but few people outside the country know what it's like to live with those access controls, or how to get around them.
 
Hewlett-Packard is reportedly developing a powerful new type of computer that draws on technologies under development at HP Labs, including memristors and silicon photonics.
 
Microsoft has in a landmark case challenged in U.S. federal court a search warrant for private email communications located in the company's facility in Dublin, Ireland, after a magistrate judge quashed in April its opposition to the warrant.
 
Twitter took its browser-based TweetDeck service offline today for an hour as it wrestled with a vulnerability that criminals exploited to tweet script-filled messages to victims' feeds.
 
GNU glibc 'getaddrinfo()' Remote Denial of Service Vulnerability
 
Google is getting on the soccer World Cup bandwagon with a Glass update that lets users keep track of the tournament.
 
Innovations for predictive virtual keyboards used in smartphones and tablets keep rolling in. SwiftKey said its Keyboard app for Android smartphones and tablets that allows predictive typing would be free on Google Play.
 
RSS aggregator Feedly today vowed not to give in to an extortion demand backed by a distributed denial-of-service attack that knocked its site offline early Wednesday.
 

Automatically updating Android apps could get riskier thanks to a change Google developers have made to the way the OS discloses new app permissions, such as the ability to send potentially costly text messages or track a user's precise geographic location.

Previously, automatically updated apps displayed explicit details when a new version gained additional privileges. For example, an app that previously tracked only coarse GPS coordinates would warn users if an update would begin receiving fine coordinates. Similarly, a newly assigned ability to send SMS messages would also be disclosed. Under changes implemented through the latest Play store app, neither new privilege is displayed if a user has previously accepted any other permission in the same category as the new permission. In other words, by accepting one permission from a category, users agree that every other permission in that category can be added without notification in future updates.

The change is an attempt by Google to streamline and simplify the process of installing updates. Rather than providing lengthy details many users likely don't understand, the new permission disclosure is much less verbose. Permissions are indicated only by a very general category such as Location, SMS, or Contacts/Calendar. Users who want to track precisely how a permission may have changed must click the category to see if specific new capabilities have been added. As a result, an app update that replaces coarse location with fine location simply shows the location category. End users must manually drill down to learn of the change.

 
China's Alibaba Group is expanding in the U.S., with a new e-commerce site that's geared for buyers interested in boutique stores.
 
The Mozilla Foundation and chip maker Spreadtrum have partnered with two Indian vendors to launch ultra-low-cost smartphones in the next few months. Spreadtrum said the phones could cost just US$25.
 
If you love the way colors pop on large OLED displays, Sharp and other Japanese companies are working on a tiny treat for you: a 13-inch OLED screen with 8K resolution.
 
Net neutrality is about more than individual consumers' rights to stream video over the Web without paying extra for it. Partitioning the Internet into haves and have-nots will give big companies yet another advantage over smaller, more disruptive firms. Speak up before your business gets shut out, CIO.com contributor Jonathan Hassell recommends.
 
Snapchat had a rough May, and that's even before taking into account the massive competitive threats it faces from Apple and Facebook. The company has a lot of growing up to do. And it better do it fast.
 
LinuxSecurity.com: Firefox could be made to crash or run programs as your login if it opened a malicious website.
 
LinuxSecurity.com: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having Critical [More...]
 
LinuxSecurity.com: Updated qemu-kvm packages that fix multiple security issues and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate [More...]
 
LinuxSecurity.com: An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having [More...]
 
LinuxSecurity.com: Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. The Red Hat Security Response Team has rated this update as having Critical [More...]
 
LinuxSecurity.com: Updated kernel packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having [More...]
 
LinuxSecurity.com: Updated qemu-kvm packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate [More...]
 
LinuxSecurity.com: Updated gnutls packages that fix two security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having [More...]
 
LinuxSecurity.com: Updated json-c packages that fix two security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate [More...]
 
LinuxSecurity.com: Updated openssl098e packages that fix one security issue are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having [More...]
 
LinuxSecurity.com: Updated libtasn1 packages that fix three security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate [More...]
 
LinuxSecurity.com: Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having [More...]
 
[security bulletin] HPSBMU03045 rev.1 - HP Service Virtualization Running AutoPass License Server, Remote Code Execution
 
[ MDVSA-2014:121 ] libgadu
 
Oracle Access Manager CVE-2014-2452 Remote Security Vulnerability
 
CVE-2014-3977 - Privilege Escalation in IBM AIX
 
NEW : VMSA-2014-0006 - VMware product updates address OpenSSL security vulnerabilities
 
WiTricity has agreed to work with Intel to integrate wireless charging technology for computing devices powered by the chip maker.
 
The European Commission has opened an in-depth investigation into Apple's corporate tax affairs on suspicion that the company did not pay its fair share of income taxes.
 
[ MDVSA-2014:117 ] libcap-ng
 
[ MDVSA-2014:116 ] file
 
Adobe Flash Player and AIR CVE-2014-0534 Unspecified Security Bypass Vulnerability
 
Adobe Flash Player and AIR CVE-2014-0533 Unspecified Cross Site Scripting Vulnerability
 
CodeIgniter <= 2.1.4 Session Decoding Vulnerability
 
[ MDVSA-2014:115 ] php
 
[ MDVSA-2014:114 ] squid
 
[ MDVSA-2014:113 ] python-django
 
Re: MacOSX Safari Firefox Kaspersky RegExp Remote/Local Denial of Service
 
Companies are having to be pickier about which data sets they collect, process and use. It's all about having the right architecture in place.
 
Qualcomm is bringing 4G coverage to offices and homes with a low-cost chip that will power wireless routers with both Wi-Fi and LTE.
 
A hard-to-track hacking group, known to use zero-day attacks, changed tack to use social media in an attempt to compromise an employee of an energy company, according to new research from FireEye.
 
A large batch of stolen credit card numbers for sale on an underground forum may have come from a breach at P.F. Chang's China Bistro, a restaurant chain that said on Tuesday it is investigating.
 
Online word processors, spreadsheets, and presentation apps can be surprisingly useful, or surprisingly lame, and not even Microsoft aces Office document compatibility.
 
Evernote was resuming operations early Wednesday following a denial of service attack.
 

Posted by InfoSec News on Jun 11

http://www.networkworld.com/article/2360983/security0/annual-cost-of-cybercrime-hits-near-400-billion.html

By Ellen Messmer
NetworkWorld
June 9, 2014

An estimate of the global cost of cybercrime — losses from cyber-espionage
theft of intellectual property, plus all types of personal and financial
data stolen and dealing with the fallout — is being tabbed at least $400
billion annually, according to the report published today by the...
 

Posted by InfoSec News on Jun 11

http://www.computerweekly.com/news/2240222263/UK-finance-industry-launches-cyber-security-framework

By Warwick Ashford
ComputerWeekly.com
10 June 2014

The UK finance industry has launched a cyber security framework for sharing
detailed threat intelligence, testing cyber security and benchmarking financial
service providers.

The CBEST framework was developed by the Council of Registered Ethical Security
Testers (Crest) in collaboration with...
 

Posted by InfoSec News on Jun 11

http://krebsonsecurity.com/2014/06/banks-credit-card-breach-at-p-f-changs/

By Brian Krebs
Krebs on Security
June 10, 2014

Nationwide chain P.F. Chang’s China Bistro said today that it is
investigating claims of a data breach involving credit and debit card data
reportedly stolen from restaurant locations nationwide.

On June 9, thousands of newly-stolen credit and debit cards went up for
sale on rescator[dot]so, an underground store best...
 
Mozilla Firefox/Thunderbird CVE-2014-1541 Memory Corruption Vulnerability
 
Mozilla Firefox/Thunderbird CVE-2014-1538 Memory Corruption Vulnerability
 
Mozilla Firefox/Thunderbird CVE-2014-1533 Multiple Memory Corruption Vulnerabilities
 