Hackin9

InfoSec News

Researchers at the User Interface Software Technology conference this week demonstrated unique projects that took advantage of a new, pressure-sensitive "forcepad" that could debut in ultrabooks as soon as next year.
 
For the lack of standards, a good portion of an entire city was lost.
 
Microsoft Windows Kernel 'Win32k.sys' Integer Overflow Privilege Escalation Vulnerability
 
The My Passport Edge for Mac is the newest member of Western Digital's portable hard drive family. It's not wildly different from previous My Passport models, but the Edge does have USB 3.0 connectivity, and has slimmed down to an ultra-thin 4.40 by 0.43 inch enclosure. The My Passport Edge also has many of the features we've come to expect from Western Digital's Mac-centric drives: pre-formatted using HFS+, Time Machine compatibility, WD Security, and WD Drive Utilities. It comes in a 500GB capacity and is backed by WD's three-year warranty.
 
Asustek's innovative laptop-tablet hybrid called Taichi is now on sale in the U.S. starting at $1,299.
 
Microsoft and several online retailers today revealed more Windows 8 pricing information, and began taking pre-orders for the operating system.
 
Japanese conglomerate Softbank has built much of its business using new ideas to disrupt industries, and there are several ways it could shake up the U.S. mobile market, analysts said on Thursday.
 
Dell will continue offering Windows 7 even after the release of Windows 8 at the end of October, the company said.
 
 
cgit 'Author' Field Remote Denial of Service Vulnerability
 
NetApp and Cisco this week revealed ExpressPod, a new, converged infrastructure for small and medium-sized organizations based on its predecessor FlexPod product.
 
An investigation of ultrathin laptops, including Apple's latest MacBook Air, has found they do conform to the EPEAT (Electronic Product Environmental Assessment Tool) environmental standard. The investigation, which covered five laptops made by four companies, was started after Apple said in July it was withdrawing from the voluntary certification and then reversed its position after an outcry from its customers.
 
MetaSploit Framework 'pcap_log' Plugin Local Privilege Escalation Vulnerability
 
DDoS attacks on major banks, iOS6 at the Hack-in-the-Box security conference, where the "Limit Ad Tracking" setting in iOS is hiding, and Anonymous's anger at Wikileaks


 
BackWPup Plugin for WordPress Multiple Information Disclosure Vulnerabilities
 
An Arizona man has admitted his involvement in a May 2011 computer attack against the website of Sony Pictures Entertainment that was carried out by the now-defunct LulzSec hacker group.
 
IBM Lotus Notes Traveler Multiple Input Validation Vulnerabilities
 
The Internet Corporation for Assigned Names and Numbers has proposed holding an old-fashioned raffle to determine which applications for new top-level domains should be handled first. To make the lottery legal, the organization hopes to use a loophole in Californian law.
 
The latest version of Amazon Web Services' Linux AMI is now available, and includes the R language as well as new versions of Apache and PHP.
 

Posted by InfoSec News on Oct 12

http://www.nextgov.com/cybersecurity/2012/10/dhs-urged-create-reserve-cadre-cyber-experts/58704/

By Aliya Sternstein
Government Executive
October 11, 2012

A cyber skills task force has recommended that the Homeland Security
Department build a reserve army of cyber specialists from across
government and industry to address emergencies.

Last week, the task force briefed DHS leaders on recommendations for
filling a talent void and molding...
 

Posted by InfoSec News on Oct 12

http://www.washingtonpost.com/world/national-security/cyberattack-on-mideast-energy-firms-was-biggest-yet-panetta-says/2012/10/11/fe41a114-13db-11e2-bf18-a8a596df4bee_story.html

By Ellen Nakashima
The Washington Post
October 11, 2012

A computer virus that wiped crucial business data from tens of thousands
of computers at Middle Eastern energy companies over the summer marked
the most destructive cyberattack on the private sector to date,...
 

Posted by InfoSec News on Oct 12

http://www.darkreading.com/threat-intelligence/167901121/security/vulnerabilities/240008942/popular-rats-found-riddled-with-bugs-weak-crypto.html

By Kelly Jackson Higgins
Dark Reading
Oct 11, 2012

RATs have bugs, too: New research shows that remote administration tools
often used for spying and targeted attacks contain common flaws that
ultimately could be exploited to help turn the tables on the attackers.

A pair of interns for Matasano...
 

Posted by InfoSec News on Oct 12

http://www.bankinfosecurity.com/regions-bank-confirms-online-outage-a-5189

By Tracy Kitten
Bank Info Security
October 11, 2012

Regions Financial Corp. on Oct. 11 confirmed its online banking and
corporate websites were suffering intermittent outages related to an
Internet service disruption.

The Regions site outages were expected, based on distributed denial of
service attack threats posted Oct. 8 on Pastebin by the hacktivist group
Izz...
 
ProjectPier 'upload.php' Arbitrary File Upload Vulnerability
 
While the vice presidential debate Thursday night heated up Twitter, it didn't rock the micro-blogging site like last week's presidential debate did.
 
If Japan's Softbank barges its way into the U.S. mobile market, expect contract prices to fall.
 
At least one analyst is predicting social, mobile and cloud technologies will spell the end of the corporate help desk. Not so fast, say corporate IT leaders.
 
Nokia is testing a new solar charging accessory in Nigeria and Kenya, as the company hopes to make it easier for people without regular access to electricity to use their phones, it said in a blog post on Friday.
 
SAS Institute this week unveiled tools it says make it easier for its enterprise customers to use the company's business analytics software to analyze data stored in Hadoop environments.
 
Just one day after releasing Firefox 16, Mozilla has temporarily pulled the latest update to its open source web browser after finding a browser-history-exposing bug.
 
After releasing Firefox 16, Mozilla has now detailed all of the security vulnerabilities fixed in the new version of its browser, most of which are rated as "Critical". New versions of Thunderbird and SeaMonkey also close a number of the same holes.
 
Indian outsourcer Infosys blamed continuing global economic uncertainties for a slide in year-on-year revenue growth in U.S. dollar terms, which declined to 2.9% for the third quarter, from 16.7% a year earlier.
 
Apple supplier Foxlink, a maker of iPhone cable connectors, disputed claims on Friday that a company worker committed suicide after being denied a leave of absence, instead suggesting that drug use may have played a role in the worker's death.
 
The mod_pagespeed open source Apache module is now in use at more than 120,000 sites.
 
Four vulnerabilities affected the just-released Firefox 16, with one flaw affecting Firefox 15 and earlier too. Firefox 16.0.1 is now available for desktop and mobile to close these holes.


 
Neelie Kroes, the European Commissioner responsible for the Digital Agenda for Europe, has sharply criticised the W3C for the delays and the chosen way of handling the standardisation of the "Do Not Track" header.


 
The European Network and Information Security Agency (ENISA) has presented its "Annual Incident Report" on internet security disruptions in the EU. Rather than dealing with data theft, however, the report focuses on network availability.


 
Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2012-88/89 Multiple Vulnerabilities
 
The U.S. is facing a dramatically increasing threat from cyber attacks and a future attack on the country's critical infrastructure could have an effect similar to the Sept. 11 terrorist attacks of 2001, the U.S. Secretary of Defense said Thursday evening.
 