Hackin9
Intel has scaled back plans for the next version of Itanium in a move that raises questions about the future of the 64-bit server chip, used primarily in Hewlett-Packard's high-end Integrity servers.
 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Google is rolling out some enhancements to Google Now, a mobile app that gives Android users personalized information on the fly. The changes could help make the tool a bigger part of people's daily lives.
 

Post suggestions or comments in the section below or send us any questions or comments in the contact form on https://isc.sans.edu/contact.html#contact-form

--

Adam Swanger, Web Developer (GWEB, GWAPT)

Internet Storm Center https://isc.sans.edu
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Africa has become a battleground for low-to-mid-range smartphones following high-profile launches of products from leading manufacturers in the last two months.
 
Cisco Systems posted higher revenue and profit in its fiscal second quarter as Chairman and CEO John Chambers reiterated the company's ambitious goal to become the biggest company in IT.
 
 
PolarSSL MAC Check CVE-2013-1622 Security Vulnerability
 
PolarSSL CVE-2013-1621 Remote Denial of Service Vulnerability
 
OpenSSL Multiple Remote Denial of Service Vulnerabilities
 
Two U.S. lawmakers have reintroduced a controversial cyberthreat information-sharing bill over the objections of some privacy advocates and digital rights groups.
 
Dave Stephenson is at the center of one of the most important efforts in mobile networking, the move to shepherd smartphones and other devices among Wi-Fi hotspots safely and automatically.
 
Creating some consternation in the Web development community, Opera Software is switching from a home-built rendering engine to the more widely used open-source WebKit, now employed in the Apple Safari and Google Chrome browsers.
 
Popular do-it-yourself website iFixit today gave Microsoft's Surface Pro tablet the lowest-possible repair score, just 1 out of a possible 10, after spending hours getting the device open.
 
[ MDVSA-2013:011 ] samba
 
President Obama issued an executive order aimed at fostering public-private information sharing among critical infrastructure sectors.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google
 
Symantec Encryption Desktop CVE-2012-4352 Local Buffer Overflow Privilege Escalation Vulnerability
 
Symantec Encryption Desktop CVE-2012-4351 Local Integer Overflow Vulnerability
 
[SECURITY] [DSA 2622-1] polarssl security update
 
[SECURITY] [DSA 2621-1] openssl security update
 
Multiple Vulnerabilities in OpenPLI
 
Singapore leads the way in allowing users to own an untethered mobile device, according to a survey of 1,500 users in 10 countries by Dell; U.S. corporations lead on using VDI to control data on those devices.
 
A watch that doubles as a computer and two-way radio has been a technology vision since at least the 1950s. But if recent reports that Apple's interested in an 'iWatch' are true, would such a device sell?
 
Devices used by many radio and TV stations to broadcast emergency messages as part of the U.S. Emergency Alert System (EAS) contain critical vulnerabilities that expose them to remote hacker attacks, according to researchers from security consultancy firm IOActive.
 
Twitter lit up with activity during last night's State of the Union address as users, including journalists and politicians, turned to the social network.
 
Apple today dropped prices of its Retina-equipped 13-in. MacBook Pro by as much as $300, and lowered the price of its top-end MacBook Air by $100.
 
[SECURITY] [DSA 2620-1] rails security update
 
The National Institute of Standards and Technology (NIST) today announced the first step in the development of a Cybersecurity Framework, which will be a set of voluntary standards and best practices to guide industry in reducing cyber ...
 
In a busy February Patch Tuesday, Microsoft fixed another critical Oracle vulnerability in Exchange. Plus, Internet Explorer received fixes.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google
 
Simple password obfuscation in Enterprise Architect
 
In his State of the Union address Tuesday night, President Barack Obama made a point of drawing attention to three big tech firms: IBM, Apple and Intel.
 
Global smartphone sales skyrocketed by 38% in the fourth quarter year over year. Meanwhile, Samsung ended 2012 in the top position for both smartphone sales and overall mobile phone sales, Gartner reported.
 
Adobe Flash Player and AIR CVE-2013-0649 Use After Free Remote Code Execution Vulnerability
 
Adobe Flash Player and AIR CVE-2013-0637 Information Disclosure Vulnerability
 
Adobe Flash Player and AIR CVE-2013-1365 Buffer Overflow Vulnerability
 
Adobe Flash Player and AIR CVE-2013-0644 Use After Free Remote Code Execution Vulnerability
 
Researchers from security firm FireEye claim that attackers are actively using a remote code execution exploit that works against the latest versions of Adobe Reader 9, 10 and 11.
 
Oracle Java SE CVE-2013-1480 Remote Code Execution Vulnerability
 
Oracle Java SE CVE-2013-1479 Remote Code Execution Vulnerability
 
RETIRED: Adobe Flash Player and AIR APSB13-05 Multiple Security Vulnerabilities
 
Business travelers willing to give Windows 8 a spin have a noteworthy option in the HP Folio Elitebook Folio 9470m. Attractively slim and lightweight, this 14-inch Ultrabook delivers an assortment of business-oriented features, including a fingerprint scanner, a smart-card slot, and a solid-state drive that boosts performance on any task involving retrieval of data from storage. The battery life, while not outstanding, should get you through a cross-country flight.
 
Oracle Java Runtime Environment CVE-2012-3174 Remote Code Execution Vulnerability
 
Microsoft Internet Explorer Layout Use-After-Free Remote Code Execution Vulnerability
 
Researchers at FireEye have notified Adobe of a Reader exploit in the wild. Adobe says it is investigating the report


 
Qt Shared Memory Segments Local Security Bypass Vulnerability
 
In the first part of a three-part series, we look at two companies that have chosen Drupal as their content management system.
 
Tokyo's subways will soon offer a new mobile app with free Wi-Fi access, then track if the information it provides changes passenger habits.
 
President Barack Obama's cybersecurity executive order elicited guarded praise from several quarters even as it revived calls for more comprehensive bipartisan legislation to address long-term security threats.
 

Q-CERT organizes Gov.INFOSEC 2013
Peninsula On-line
Q-CERT organizes Gov.INFOSEC 2013. Wednesday, 13 February 2013. DOHA: The Qatar Cyber Emergency Response Team (Q-CERT) organizes the second annual Information Security Conference, Gov.INFOSEC on Thursday at the St. Regis Hotel, Doha.

 
Apple sold more phones in Japan than any other manufacturer last year, rising above local manufacturers for the first time, according to a research firm.
 
Mozilla yesterday took another step toward delivering a 'Metro' version of Firefox to Windows 8 users.
 
An appeals court should rule, as a matter of law, that Google's commercial use of Java in a market where Oracle already competed was not fair use, the software company said in a filing.
 
February's Patch Tuesday brings 12 Microsoft bulletins that close 57 holes – most of them in Windows. Adobe has also been busy patching critical vulnerabilities in Flash, AIR and Shockwave


 

While lacking any kind of detail, Adobes PSIRT team is reporting that they are aware of Adobe Reader and Acrobat XI (11.0.1) and earlier versions being exploited in the wild.

--

Swa Frantzen -- Section 66
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Polycom Products Directory Traversal and Command Injection Vulnerabilities
 
Adobe Flash Player and AIR CVE-2013-1372 Buffer Overflow Vulnerability
 

NIST Issues Final Draft of Security Controls for Comment
Information Law Group
... primer of the risk management process landscape for privacy and data security, and even those without frontline responsibility for implementing infosec measures, risk management or legal compliance will find it a comprehensive and valuable reference.

 

Posted by InfoSec News on Feb 12

http://www.thejakartapost.com/news/2013/02/13/bumi-e-mail-hacks-show-security-flaws.html

By Raras Cahyafitri
The Jakarta Post
February 13 2013

An expert says that the recent hacks of e-mail accounts belonging to coal miner
PT Bumi Resources show that Indonesia is still lagging in cyber-security.

An investigation conducted by Narliswandi “Iwan” Piliang and digital forensic
analysts Agung Harsoyo and Insan Praja in January determined that...
 

Posted by InfoSec News on Feb 12

http://news.techworld.com/security/3425734/serious-data-breaches-take-months-spot-analysis-finds/

By John E Dunn
Techworld
12 February 2013

More than six out of ten organisations hit by data breaches take longer than
three months to notice what has happened with a few not uncovering attacks for
years, a comprehensive analysis of global incidents by security firm Trustwave
has found.

During 2012, this meant that the average time to discover...
 

Posted by InfoSec News on Feb 12

http://www.bankinfosecurity.com/200-million-card-fraud-scheme-alleged-a-5504

By Tracy Kitten
Bank Info Security
February 12, 2013

Arrests in connection with an alleged $200 million global credit card fraud
ring offer an important reminder about gaps in cross-channel and cross-account
fraud detection, says one anti-money-laundering expert.

Banking institutions must practice more due diligence when it comes to account
activity monitoring -...
 

Posted by InfoSec News on Feb 12

http://arstechnica.com/tech-policy/2013/02/executive-order-to-raise-volume-quality-of-cyber-threat-information/

By Cyrus Farivar
Ars Technica
Feb 12 2013

Just before issuing the 2013 State of the Union address, President
Barack Obama signed an executive order on cybersecurity -- creating a
series of "best practices" between "critical infrastructure"
corporations and the National Institute of Standards and Technology...
 

Posted by InfoSec News on Feb 12

http://www.darkreading.com/authentication/167901072/security/attacks-breaches/240148399/how-lockheed-martin-s-kill-chain-stopped-securid-attack.html

By Kelly Jackson Higgins
Dark Reading
Feb 12, 2013

A few months after RSA had rocked the security world with news that it had been
breached and its SecurID database exposed in a sophisticated attack, defense
contractor Lockheed Martin discovered an intruder in its network using
legitimate...
 
Internet Storm Center Infocon Status