InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
ICANN's plans to roll out a slew of new top-level domain names next year, including the .xxx domain, were the subject of a House subcommittee hearing Wednesday.
Verizon Wireless finally announced that the Samsung Galaxy Nexus smartphone running Android 4.0 on its 4G LTE network will be available on Thursday in stores and online for $299.99 with a two-year agreement.
Google is ending 2011 with a cliffhanger: Will Google+ succeed? And if it does not, how much damage will the company suffer as a result?
The Galaxy Nexus, the first phone to run the latest version of Android, will finally go on sale Thursday from Verizon.
Eight former staff members of the U.S. House of Representatives Judiciary Committee are now lobbying on behalf of companies or groups supporting controversial copyright enforcement legislation in Congress, an example of the close ties often found between the political establishment and business interests.
A Utah jury has begun deliberating over a $1 billion antitrust lawsuit Novell first brought against Microsoft in 2004. Observers of the case expect the jury to reach a decision as early as Wednesday evening.
A second round of tests on LightSquared's proposed land-based mobile data network again showed interference with a majority of GPS devices, except for cellphones, two U.S. federal departments said Wednesday.
FBI Director Robert Mueller today said his agency has never sought any information directly from Carrier IQ for any of its investigations.
New details have emerged in Montclair State University's lawsuit against Oracle in connection with a troubled ERP (enterprise resource planning) project, in a court filing that includes more information about Oracle's alleged failings and also accuses the vendor of extortion as well as "inducing" the institution to take on the implementation.
PHP 'exif_process_IFD_TAG()' Remote Integer Overflow Vulnerability
LinkedIn just revealed the results of its study on the most overused buzzwords on LinkedIn profiles. As a dynamic, creative writer with extensive experience and effective communication skills, I've got some advice about which terms should be used or abandoned.
Businesses that want to take advantage of the maturing cloud marketplace in 2012 can learn from some common mistakes others have made when moving to infrastructure- and platform-as-a-service offerings, experts said.
A security testing firm today said a recent report that named Google's Chrome as the most secured browser was flawed -- and part of a campaign by Google to undermine Mozilla's Firefox.
PHP-SCMS 1.6.8 "lang" parameter XSS vulnerability
0A29-11-4 : Privilege escalation vulnerabilities in Nagios XI installer < 2011R1.9
0A29-11-3 : Cross-Site Scripting vulnerabilities in Nagios XI < 2011R1.9
ESA-2011-039: RSA(r), The Security Division of EMC, announces security fixes and improvements for RSA SecurID(r) Software Token 4.1 for Microsoft(r) Windows(r)
T-Mobile will be the first U.S. wireless carrier to offer a Nokia phone running Windows Mobile when it starts selling the Lumia 710 early next year.
Location-based service provider TeleNav announced an HTML5 browser-based navigation service for mobile devices that will give users the ability to receive free, voice-guided, turn-by-turn directions when using an app or visiting a website for a restaurant or other destination.
The U.S. International Trade Commission (ITC) has delayed ruling on a patent case brought against smartphone maker HTC by Apple.
WordPress Skysa App Bar Plugin 'idnews' Parameter Cross Site Scripting Vulnerability
International Components for Unicode '_canonicalize( )' Memory Corruption Vulnerability
Re: Re: WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities
Computer giant IBM has made legally binding concessions to European Union regulators in order to avoid a fine for anticompetitive practices.
Location-based service provider TeleNav announced an HTML 5 browser-based navigation service for mobile devices that will give users the ability to receive free voice-guided, turn-by-turn directions when using an app or visiting a Web site for a restaurant or other destination.
If you have tech skills and experience, odds are you're going to get a call from an IT recruiter in 2012. That's because IT departments are ramping up hiring at the same time that more IT professionals are ready to leave behind employers offering flat salaries, limited flexibility and aging technology.
The U.S. National Transportation Safety Board has recommended that states outlaw the use of all electronic devices while driving. Should the use of personal electronic devices be banned while driving?
NASA's newest robotic rover has already begun its work although it's only a few weeks into its 8-month-long journey to Mars.

By Hillary O’Rourke, Contributor

The cybercriminals responsible for the Nitro attacks have certainly shown audacity in their latest move: sending malicious emails claiming to be from security vendor Symantec with the company’s own report on those Nitro attacks.

According to a Symantec blog post, the group, which is currently targeting chemical companies, is using the same social engineering techniques they have used in previous attacks, but lately they have been sending malicious emails that are created to look like they were sent by Symantec’s technical support department.

“They are sending targets a password-protected archive, through email, which contains a malicious executable,” explained Symantec researchers keeping a close watch on the group’s attack techniques. “The executable is a variant of the Poison IVY and the email topic is some form of upgrade to popular software, or a security update.”

The security vendor originally exposed the gang in a report released on Nov. 1 on the Nitro attacks that began in July and lasted until September. Those attacks also involved emails carrying a variant of the Poison Ivy backdoor and were specially crafted for each targeted company. According to the blog post, they are still using the same hosting provider for their command and control (C&C) servers.

The Symantec blog post explains one of the emails “offers protection from ‘poison Ivy Trojan’!”

The fraudulent emails come with an attachment called “the_nitro_attackspdf.7z” with an archive containing a file called “the_nitro_attackspdf.exe.” According to the blog post, the large space between “pdf” and “.exe” is to trick a user into thinking the attachment is a PDF.
When the attachment is opened, the executable creates a file called Isass.exe, more commonly known as Poison IVY, and then creates a PDF file that is none other than Symantec’s Nitro Attacks whitepaper (PDF).

“The attackers, in an attempt to lend some validity to their email, are sending a document to targets that describes their very own activity,” Symantec said.

GlobalSign released a press release today to address concerns that they may have had a compromise of their CA infrastructure.


They did a good job of stating what they did find and what they didn't. They also address new measures put in place to improve their overall security posture.

We didn't find any evidence of

* Rogue Certificates issued.

* Customer data exposed.

* Compromised GlobalSign Root Certificate keys and associated Hardware Security Modules (HSM).

* Compromised GlobalSign Certificate Authority (CA) infrastructure.

* Compromised GlobalSign Issuing Authorities and associated HSMs.

* Compromised GlobalSign Registration Authority (RA) services.

What did happen

* Peripheral web server, not part of the Certificate issuance infrastructure, hosting a public facing web property was breached.

* What could have been exposed? Publicly available HTML pages, publicly available PDFs, the SSL Certificate and key issued to www.globalsign.com.

* SSL Certificate and key for www.globalsign.com were deemed compromised and revoked.

Google yesterday patched 15 vulnerabilities in Chrome, paying $6,000 in bounties to bug hunters who reported some of them, and updated the browser to version 16.
Multiple vulnerabilities in Browser CRM
Microsoft's SkyDrive cloud storage service debuted for iPhones this week, after it had been available to Windows users for several years and on Windows Phone 7 devices more recently. Microsoft understands that a lot of Windows users are carrying iPhones with them, so SkyDrive for iOS is a welcome addition, but the personal cloud market already offers plenty of choice.
Citrix XenDesktop shines with unmatched flexibility and all the desktop virtualization bells and whistles.
VMware View taps the world's best virtualization platform and PCoIP improvements for highly scalable desktop virtualization.
Re: WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities
Re: Wordpress skysa-official plugin Cross-Site Scripting Vulnerabilities
Citrix Receiver, XenDesktop "Pass-the-hash" Attack
Microsoft rolls out one of its most significant updates with the next version of Windows Server 8; find out what it means for your company.
The latest version of Google's SDK (software development kit) for its cloud platform App Engine includes the High-Replication Datastore, which has been generally available, the company said in a blog post on Tuesday.
Alcatel-Lucent this week rolled out 40G Ethernet modules for its top-of-rack data center switches to help further its data center fabric strategy.
Microsoft has taken steps to make Office 365 more attractive to U.S. and European customers who have to comply with regulatory requirements related to data protection, the company is expected to announce Wednesday.
Here is good news for college seniors with technology skills: The entry-level job market for IT workers looks solid in 2012.
Electrical retailer Comet is aiming to improve the online shopping experience of its customers in the busy run up to Christmas and New Year, with a new application performance monitoring and management tool from Quest.
Seattle Children's Hospital has installed 2,600 zero client devices in four locations, many connected with a wireless LAN that helps doctors and nurses access patient data at the bedside within seconds.
Netgear's ReadyNAS NV+ device includes storage for up to four 1TB hard drives along with three levels of RAID synchronization.
Graphics processor maker Nvidia expects gaming systems will reach a performance of "tens of teraflops" by the end of the decade, and will be capable of displaying real-time visuals as good as the pre-rendered cut scenes found in games today, according to company CEO Jen-Hsun Huang.
Citrix XenDesktop 5.5 and VMware View 5 vie for the most flexible, scalable, and complete virtual desktop infrastructure
China can use its power of government control to bring major changes quickly, and it is moving to expand parallel programming training to help its supercomputing efforts.

Posted by InfoSec News on Dec 14

Calling All Sysadmins: Take the 2011 SAGE Sysadmin Salary Survey
(And Enter the Drawing to Win an iPad 2!)

The SAGE survey results give you and your employer a sysadmin-specific
tool to compare your situation with others. It covers the entire range
of administrators. All experience levels and the currently employed and
unemployed are asked to respond. Open until December 31, take the survey


Posted by InfoSec News on Dec 14


By Dan Goodin in San Francisco
The Register
14th December 2011

An electronic device used to control machinery in water plants and other
industrial facilities contains serious weaknesses that allow attackers
to take it over remotely, the US agency that safeguards the nation's
critical infrastructure has warned.

Some models of the Modicon Quantum PLC...

Posted by InfoSec News on Dec 14


By Robert Lemos
Contributing Editor
Dark Reading
Dec 13, 2011

In September, U.S. prosecutors indicted 48-year-old Chunlai Yang, a
naturalized Chinese-American citizen, on charges of stealing software
code and other trade secrets from his employer, trading-software firm
CME Group. U.S....

Posted by InfoSec News on Dec 14


By Michael Riley and John Walcott
December 13, 2011

Google Inc. and Intel Corp. were logical targets for China-based
hackers, given the solid-gold intellectual property data stored in their
computers. An attack by cyber spies on iBahn, a provider of Internet
services to hotels, takes some explaining....

Posted by InfoSec News on Dec 14


By Andrew Blankstein
The Los Angeles Times
December 13, 2011

A Connecticut man who federal authorities say is linked to the hacking
group Anonymous has been charged with trying to shut down the website
operated by KISS frontman Gene Simmons.

Kevin George Poe, 24, of Manchester, Conn., was taken into custody

Posted by InfoSec News on Dec 14


By Gregg Keizer
December 13, 2011

Microsoft today issued 13 security updates, one less than expected, that
patched 19 vulnerabilities in Windows, Internet Explorer (IE), Office, and
Windows Media Player.

The company punted on one bulletin it had planned to deliver today after SAP
told it that the patch broke some of...