Hackin9

InfoSec News

The World Conference on International Telecommunications (WCIT) apparently has placed a resolution on the Internet in the regulations being developed at the meeting, drawing accusations that it acted improperly.
 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Cybercriminal gang associated with the Butterfly Botnet is believed to have netted more than $850 million by stealing credit card and bank account data.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google
 
Technologies like data loss prevention boost protection, but a determined adversary will get past the sensors, explains security expert Hugh Thompson.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google
 
Successful data loss prevention deployments require data governance maturity, a great deal of tuning and acknowledgement that it's not a panacea.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google
 
The antivirus pioneer John McAfee is headed back to the United States after authorities in Guatemala expelled him earlier today for illegally entering the country in an attempt to escape authorities in Belize, where he is wanted for questioning in connection with a murder.
 

--

John Bambenek

bambenek \at\ gmail /dot/ com

Bambenek Consulting
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Thanks to the Hubble Space Telescope, astronomers have gotten a look at seven galaxies that were created when the universe was very young.
 
Apple and Microsoft are arguing over the iOS App Store's submission and payment requirements, and Microsoft has already made concessions as it tries to get its SkyDrive app approved, support discussions show.
 
Protecting sensitive electronic information in different situations requires different types of cryptographic algorithms, but ultimately they all depend on keys, the cryptographic equivalent of a password. A new publication* from the ...
 
After each presidential election, the government's top intelligence experts release a report about the future. It's always a best seller.
 
Despite Facebook users losing out on a privacy policy vote earlier this week, the social network moved today to make its privacy tools easier for them to access.
 
Sales of the Microsoft Surface RT tablet are hard to measure, but one study indicates the new device is generating a tiny portion of Web traffic -- less than 1%.
 
A survey by health technology provider Philips shows that 11% of U.S. respondents think they might already be dead or severely incapacitated if not for Web-based health information.
 
Pope Benedict's XVI used his first tweet to bless the approximately 648,000 people who followed him before he had even made his first Twitter appearance.
 
Computer technology accounted for more patent applications in recent years than any other industry sector tracked by the World Intellectual Property Organization, although the number of digital communication patent applications grew faster. Industrial design registrations are also growing.
 
 
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1960 Out of Bounds Memory Corruption Vulnerability
 
The European Union's competition chief has said negotiations with Google to settle an antitrust probe have "advanced", but talks are not yet concluded.
 
Oracle is simplifying its security offerings by combining a pair of existing tools into a single package.
 
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-1957 Cross Site Scripting Vulnerability
 
Hewlett-Packard will allow enterprises to pay for managed LAN offerings based on usage, in much the same way they pay for cloud services, through a partnership with telecom service providers.
 
Companies worried about their bills for cloud services have a new -- and free -- option: Apptio's Cloud Express, which can track usage and costs for cloud services from Amazon Web Services, Microsoft and Rackspace.
 
Let's face it -- when it comes to IT professional development, books might be the last place people turn. With webinars, online forums, blogs, Web sites, bootcamps and social media, books would seem like a last resort.
 
Microsoft may have accelerated plans to expand the Surface RT's retail footprint because touch-sensitive devices are the only Windows hardware flying off shelves, an analyst said yesterday.
 
If you're watching TV and the channel suddenly changes, you may not have sat on the remote control by accident.
 
Taiwan's MediaTek announced a new quad-core ARM chip made for mid- to high-end Android devices that the company hopes will keep it competitive as rival chip makers also come out with their own quad-core chipsets.
 
A marketplace where security researchers can sell details on software bugs said it was compromised on Tuesday due to an "embarrassing oversight" that left its web server vulnerable.
 
Google has shut down its online shopping service in China, further slimming down its product portfolio for the country after it pulled the plug on its free music service back in September.
 
In November, unknown attackers crippled the internet infrastructure of 50Hertz, a power grid operator that runs transmission networks in Northern and Eastern Germany; however, no critical infrastructures are believed to have been affected


 
Multiple Rockwell Automation Products CVE-2012-4690 Remote Denial of Service Vulnerability
 
U.S. law enforcement agencies with the help of Facebook have arrested 10 people from various countries in connection with international cybercrime rings that targeted users on the social network.
 
Antivirus pioneer John McAfee could soon be released from detention in Guatemala where he is being held on charges that he entered the country illegally in an attempt to escape authorities in Belize where he is wanted for questioning in a murder case.
 
Adobe's fixes for Flash Player shut down critical flaws that are apparently already being exploited in the wild. There are also updates for Adobe AIR and Adobe ColdFusion 9 and 10


 
Adobe ColdFusion CVE-2012-5675 Security Bypass Vulnerability
 
Intel announced a 64-bit, 32nm dual-core Atom processor, the S1200, which is designed for the emerging microserver market.
 
For weeks, unknown criminals have exploited a known hole in the widely used Java Content Editor to take control of web servers via automated attacks. It seems that they have now started to cash in and deploy malware via the hijacked sites


 
Squashfs Stack-Based and Heap-Based Buffer Overflow Vulnerabilities
 
Smartphones are more important to young adults in the U.S. and three other countries than laptops, desktops or tablets, according to a survey of 1,800 18- to 30-year-old users in 18 countries.
 

Posted by InfoSec News on Dec 11

http://www.csoonline.com/article/723577/ghostshell-takes-credit-for-extensive-hack-of-government-private-websites

By Antone Gonsalves
CSO
December 11, 2012

The hacktivist group Team Ghostshell took credit Monday for the release
of 1.6 million accounts and records stolen from government and private
organizations covering aerospace, law enforcement, the military, the
defense industry and banking.

Among the organizations the group claimed to...
 

Posted by InfoSec News on Dec 11

http://www.clinical-innovation.com/topics/privacy-security/email-intruder-causes-nc-hospital-data-breach

By Beth Walsh
Clinical-Innovation.com
Dec 11, 2012

Approximately 5,600 patients of Carolinas Medical Center-Randolph are
impacted by a data breach caused by an unauthorized electronic intruder
who obtained incoming and outgoing emails from a provider's account
without the provider's or the hospital's knowledge.

The...
 

Posted by InfoSec News on Dec 11

http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/240144243/new-cyberespionage-attack-targets-russia.html

By Kelly Jackson Higgins
Dark Reading
Dec 11, 2012

China is often considered synonymous with cyberespionage, but what about
Korea? A new targeted attack campaign with apparent Korean ties has been
stealing email and Facebook credentials and other user-profile
information from Russian telecommunications, IT,...
 

Posted by InfoSec News on Dec 11

http://www.nextgov.com/big-data/2012/12/how-much-crime-really-occurs-dont-ask-feds/60084/

By Aliya Sternstein
Nextgov
December 11, 2012

The United States has no accounting of how much crime there really is
nationwide because FBI statistics do not reflect cybercrimes and other
offenses that have cropped up since reporting began in 1930. But that
might change in 2013.

“Millions victimized by fraud and online crimes, but this is often not...
 

Posted by InfoSec News on Dec 11

http://arstechnica.com/tech-policy/2012/12/anon-on-the-run-how-commander-x-jumped-bai/

By Nate Anderson
Ars Technica
Dec 11 2012

"You scared?" asks the fugitive in the camouflage pants as he sidles up
to our pre-arranged meeting point in a small Canadian park. He wears
sunglasses to hide his eyes and a broad-brimmed hat to hide his face. He
scans the park perimeter for police. "Cuz I'm scared enough for both of
us."...
 
Internet Storm Center Infocon Status