Hackin9
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
LinuxSecurity.com: New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues. [More Info...]
 
LinuxSecurity.com: Multiple vulnerabilities have been discovered and corrected in asterisk: Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allow remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor [More...]
 
LinuxSecurity.com: Security Report Summary
 
LinuxSecurity.com: Multiple vulnerabilities have been discovered and corrected in apache-mod_wsgi: It was found that mod_wsgi did not properly drop privileges if the call to setuid() failed. If mod_wsgi was set up to allow [More...]
 
LinuxSecurity.com: Updated samba packages fix security vulnerabilities: Information leak vulnerability in the VFS code, allowing an authenticated user to retrieve eight bytes of uninitialized memory when shadow copy is enabled (CVE-2014-0178). [More...]
 
LinuxSecurity.com: Updated python and python-simplejson packages fix security vulnerability: Python is susceptible to arbitrary process memory reading by a user or adversary due to a bug in the _json module caused by insufficient [More...]
 
LinuxSecurity.com: Updated liblzo packages fix security vulnerability: An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications performing LZO decompression on a compressed payload from the attacker [More...]
 
LinuxSecurity.com: Updated gd and libgd packages fix security vulnerability: The gdImageCreateFromXpm function in gdxpm.c in the gd image library allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an [More...]
 
LinuxSecurity.com: Updated samba packages that fix three security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate [More...]
 

Infosec still a concern for state's Auditor-General
Brisbane Times
Information security remains an area of concern for the state's Auditor-General, with the number of “significant control weaknesses” identified ...

 

NIST's New Approach to InfoSec Standards
BankInfoSecurity.com
The National Institute of Standards and Technology is developing new cybersecurity standards based on the same principles engineers use to build bridges and jetliners. NIST Fellow Ron Ross, in an interview with Information Security Media Group ...

 

The U.S. Department of Justice announced late Friday that a Chinese businessman has been charged with hacking into the computer systems of Boeing, Lockheed Martin and other aerospace companies. The alleged hacker, Su Bin, is accused of helping unidentified co-conspirators to identify what to steal from the companies' networks—including data on the F-22 and F-35 fighter aircraft and the C-17 cargo plane program. Su, also known as Stephen Su, an executive for a Chinese aerospace company with offices in Canada, was arrested by the Royal Canadian Mounted Police in British Columbia on June 28, in cooperation with the FBI.

According to the Justice Department, Su and the unknown hackers based in China started to collect data in 2009, and continued until 2013. The Justice Department claims that the group “gained remote access from China to information residing on the computer systems of U.S. companies including cleared defense contractors.” In an email Su sent, he said the aircraft data would help Chinese aircraft designers “stand easily on the giant’s shoulders,” and “allow us to rapidly catch up with U.S. levels,” NBC reported.

Ars will update this report with more details as they become available.

Read on Ars Technica
