(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Google's monthly update for its wearable computer, Glass, is giving users more voice commands, along with movie and restaurant information and emergency alerts.
Cyber criminals will bank their Windows XP zero-day vulnerabilities until after Microsoft stops patching the aged operating system next April, a security expert argued today.
Two years after its launch, NASA's Juno spacecraft is halfway to Jupiter. It's not expected to arrive until 2016.
A modernization of Orange County, Calif.'s tax collection system that was supposed to take three years and cost less than $8 million will cost twice that amount and take twice as long.
Oracle has revamped the user interface for its MySQL Workbench administration software, streamlining a number of routine operations and adding some new time-saving features as well.

The city of London has asked a marketing company to stop using street-side trash bins to track the unique hardware identifier of every Wi-Fi-enabled smartphone that passes by, according to a published report.

The request by London officials came a few days after Ars and other publications reported the deployment of bins outfitted with technology to collect the unique media access control (MAC) address of every Wi-Fi enabled device that came within range. In press releases, the company boasted that the cans, which included LCD advertising screens, "provide an unparalleled insight into the past behavior of unique devices"—and hence of the people who carry them around.

The company, known as Renew, has suspended all trials of the program following a request by London officials, according to an article published Monday by the BBC. The BBC quoted a spokesman for the City of London Corporation as saying, "Irrespective of what's technically possible, anything that happens like this on the streets needs to be done carefully, with the backing of an informed public." Meanwhile, Renew's CEO maintained that the bins were mere "glorified people-counters in the street" and that his company held no personal information about the people carrying the mobile devices being tracked.

Read 2 remaining paragraphs | Comments



The hacking team suspected of infiltrating New York Times computers for four months has resurfaced with new attack tools after months of lying low, security researchers said.

The group, commonly known as APT 12, has for years engaged in a series of computer intrusions designed to obtain sensitive information from government agencies, military contractors, journalists, and others. According to a blog post published Monday by research firm FireEye, the gang went silent after the exposure of the four-month hacking campaign, which the NYT said was in response to a story critical of the family of Chinese prime minister Wen Jiabao.

Now the group is back, this time attacking an unidentified "organization involved in shaping economic policy," Monday's report said. In addition to hitting a new target, the group also used an updated hacking tool from the Backdoor.APT.Aumlib and Backdoor.APT.Ixeshe malware families.

Read 3 remaining paragraphs | Comments


OpenStack Swift CVE-2013-4155 Denial of Service Vulnerability
Cisco Finesse CVE-2013-3455 User Data Information Disclosure Vulnerability
Cisco Finesse CVE-2013-3457 Information Disclosure Vulnerability
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure
A new generation of faster, cheaper flash storage is hitting the enterprise market and will be in the spotlight this week at the Flash Memory Summit conference.
Salesforce.com has rolled out a new product bundle that includes even more applications than its high-end Unlimited Edition, albeit at a higher price.
[SECURITY] [DSA 2737-1] swift security update
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure
RE: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure
The BlackBerry 10 OS was supposed to save BlackBerry, but the company's phones have now slipped into fourth place, according to IDC and others.
Apple's unveiling of its iPhone 5S is expected Sept. 10, just six days after Samsung's launch in Germany of its next Galaxy gadget, probably a Note III smartphone-tablet.
The U.S. Bureau of Labor Statistics reported 3,600 jobs were created in the tech category, 'data processing, hosting and related services,' marking the single best month of job growth in this category since June 1998.
Microsoft has kicked off licensing add-ons that let enterprises add Office 365 subscriptions atop existing volume license agreements, touting the new options as a simpler way for businesses to move to a rent-not-buy model.
Creating or updating your resume can feel like a daunting task, but it doesn't have to be. That said, IT is a competitive job market, and companies and recruiters can get hundreds of responses from job postings. The amount of time you have to capture their attention is fleeting. Your resume is, in many cases, your only contact with hiring managers and potential employers. What you showcase can mean the difference between getting the interview and being summarily passed over.
LinuxSecurity.com: Updated lcms2 packages fixes security vulnerability: It was discovered that Little CMS did not properly verify certain memory allocations. If a user or automated system using Little CMS were tricked into opening a specially crafted file, an attacker could [More...]
LinuxSecurity.com: Several vulnerabilities where discovered in PuTTY, a Telnet/SSH client for X. The Common Vulnerabilities and Exposures project identifies the following problems: [More...]
The Chinese hacker group that broke into the computer network of The New York Times and other high-profile organizations, including defense contractors, has launched new attacks following a few months of inactivity, according to researchers from security vendor FireEye.

Bitcoin.org released a security advisory over the weekend warning the Bitcoin community that any Bitcoin wallet generated on any Android device is insecure and open to theft. The insecurity appears to stem from a flaw in the Android Java SecureRandom class, which under certain circumstances can produce numbers that aren't truly nondeterministic. This can allow an attacker to work out a victim's cryptographic private key. Private keys are used to sign Bitcoin transactions; if an attacker has a victim's private key, the attacker can execute Bitcoin transactions as if he were that person.

So far, it appears that the vulnerability has been used to steal at least 55 BTC (approximately $5,720 as of this morning).

To conduct a Bitcoin transaction, a user transfers BTC from his address to the intended recipient's address; when this happens, the sender attaches the recipient's cryptographic public key to the end of that bitcoin's record (its "blockchain") and signs that addition with his own cryptographic private key. This addition is broadcast out across the Bitcoin network, and other users verify the transaction and are rewarded for their verification work with new bitcoins (this verification work, also called "mining," is currently the predominant method of Bitcoin creation). Bitcoin users can generate as many Bitcoin addresses as they like, and in fact users are encouraged to generate lots and lots of addresses to increase their anonymity—up to and including generating a brand-new address for every single transaction they'd like to make.

Read 5 remaining paragraphs | Comments


Your networking and resume work has paid off. You finally landed an interview for your dream job as an IT executive and you couldn't be more excited. The only thing that stands between you and the executive washroom is the interview itself.
Blackberry's board of directors has formed a committee to explore strategic alternatives for the future of the company that could include joint ventures or a sale of the company, as it struggles to turn its new BlackBerry 10 operating system into a success.
Microsoft Windows Print Spooler CVE-2012-1851 Remote Code Execution Vulnerability
libmodplug CVE-2013-4233 Integer Overflow Vulnerability
[ MDVSA-2013:211 ] lcms2
LibTIFF Memory Corruption and Multiple Buffer Overflow Vulnerabilities
Sales of the ZTE Open Firefox OS phone will start soon via eBay's stores in the U.S. and U.K.
Drupal Authenticated User Page Caching Module Information Disclosure Vulnerability
Drupal Mozilla Persona Module Cross Site Request Forgery Vulnerability
Linux Kernel CVE-2013-4205 Local Denial of Service Vulnerability
To forecast sales and manage inventory of its yogurt products, Dannon switched from a manual, spreadsheet-driven process to a more scientific, computer-based approach using a suite of predictive analytics tools. Among other things, the new systems has improved the accuracy of forecasts from about 70% to 98%. Insider (registration required)
Coding tournaments and similar challenges have emerged as innovative ways for employers to identify highly skilled IT professionals.
Search in Windows 8.1, now in preview, will use Bing to deliver targeted ads, even when you're just searching local drives.
Providing a quick-win deliverable is of value only if what was asked for is what's really required.
No more counting lines of code: Managers look for new ways to assess IT employee performance.
A mentor and mentee explain what they have gained from their company's mentorship program.
IT leaders are fed up with the perpetual-license-plus-maintenance approach to enterprise software purchases, and they're tired of running on the upgrade treadmill simply for the sake of keeping their software maintenance status current. Here's a look at how they're breaking free.
The pressures to send some IT security activities offshore couldn't be resisted, but so far, it's working out well.
Microsoft's bet that touch would propel Windows 8 has run into a major snag, an industry analyst said: Consumers see little reason to pay premium prices for touch-enabled laptops.
A survey of nearly 1,200 SAP professionals in the U.S. has produced some interesting details about what they are paid, where they work, how many of them use visas, and what their job expectations are.
Chrony CVE-2012-4502 Denial of Service Vulnerability
SPICE CVE-2013-4130 Multiple Denial of Service Vulnerabilities
Chrony CVE-2012-4503 Remote Denial of Service Vulnerability
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure

Posted by InfoSec News on Aug 12


By Rachel Marsden
Korea Herald

Major media outlets have featured him as representative of a new
generation of “patriot hackers.” He sent an old laptop to the
International Spy Museum in Washington, D.C., where it’s now on display.
He claims to have launched hacking attacks on websites ranging from
jihadist forums to WikiLeaks. Last week, a guest on the syndicated radio...

Posted by InfoSec News on Aug 12


By Justin Bachman
Bloomberg Businessweek
August 09, 2013

Hackers love credit card numbers, sure, but frequent flier miles? US
Airways (LCC) is notifying some members of its Dividend Miles loyalty
program that miles have been stolen from some 7,700 compromised accounts.
The breach was discovered on July 12, the airline said in a...

Posted by InfoSec News on Aug 12


By Howard Altman
Tampa Tribune Staff
August 8, 2013

On July 29, after showing her driver's license to the gate guards, a woman
made her way onto Ft. Carson in Colorado and wound up in a Special Forces
recruiting office. When she started asking questions about the 10th
Special Forces Group, headquartered there, it raised concerns and military

Posted by InfoSec News on Aug 12


By Alex Hern
10 August 2013

On Thursday afternoon, Ladar Levison, the owner and operator of Lavabit,
an email service that prides itself on privacy and security, abruptly
closed his website, posting a short message to his former users. "I have
been forced to make a difficult decision: to become complicit in crimes
[PSA-2013-0811-1] Oracle Java storeImageArray() Invalid ArrayIndexing
[SECURITY] [DSA 2736-1] putty security update
Internet Storm Center Infocon Status