InfoSec News

A hacker who uses the handle Over-X and has over 4000 total defacements logged on zone-h has gone and hacked a very well known organization and left its Sri Lanka website defaced.

Cricket fans have become victims of hackers who have leaked over 3000 accounts from a well known cricket website/forum http://cricfire.com/. The hack comes from a hacker who goes by the handle Le0n B3lm0nt and contains 3,471 accounts.

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
This is not an official IAF website, it's a flight simulator website based on the IAF, nothing more, nothing less. Why didn't we publish this 2 first? Because we figured you would be smart enough to figure it out, but instead people are now bad mouthing cwn for false reporting...

Gibbs is seriously unimpressed with AT&T's choice of the NVG510 DSL modem
Two U.S. lawmakers on Wednesday asked Apple representatives to brief members of the House Energy and Commerce Committee on the company's mobile privacy policies, saying a letter from Apple did not answer all of their questions.
Scotland Yard arrested six people, including Mark Hanna, the media company's director of group security since 2009
I've made no secret of my distaste for Facebook's interface, which is equal parts messy, confusing, and outright maddening.
Traditionally there have been two ways to host a data loss prevention security service: An on-premise application managed by the customer, or an on-premise application managed by the DLP supplier. BEW Global, a managed security service provider, has a third way: Through the cloud.
Manuel Humberto Santander Peláez SANS Internet Storm Center - Handler Twitter: http://twitter.com/manuelsantander Web: http://manuel.santander.name e-mail: msantand at isc dot sans dot org
AOL said late Wednesday that it isn't killing off its popular instant messaging service, contradicting earlier reports online that AIM was a goner.
LightSquared suffered another blow to its hoped-for wholesale 4G mobile business on Wednesday as budget carrier Cricket announced it will use Clearwire to flesh out a planned LTE service.
At this week's Premier 100 in Phoenix, Computerworld's Johanna Ambrosio spoke with Allan Hackney, senior vice president and CIO of John Hancock Financial Services, about the company's bring-your-own-device policies.
A former Google executive has said the company is so focused on advertising and its increasing rivalry with Facebook that the search company is going off track.
U.S. government agencies should be wary of bringing antitrust complaints against tech companies such as Google or Apple, because of the ever-changing nature of the industry, some antitrust experts said Wednesday.
Shrinking budgets have driven many public safety organizations to focus on wringing value out of existing IT implementations and take a close look at whether new technologies actually make sense.
A gap in IT skills affects business productivity and negatively impacts cybersecurity, despite security being a high priority, according to a report.

Cisco Adaptive Security Appliances (ASA) 5500 Clientless VPN Remote Code Execution Vulnerability
Oracle Solaris CVE-2012-0109 Local Solaris Vulnerability
Oracle Exadata Infiniband Switch default logins and world readable shadow file
At this week's Premier 100 event in Phoenix, Computerworld's Johanna Ambrosio talked with Tomas Soderstrom, IT CTO for NASA's Jet Propulsion Laboratory, about some of the innovations coming from the lab.
Apple will open its retail stores in 10 countries, including the U.S., at 8 a.m. local time to accommodate buyers of the new iPad, the company said today in a statement.
Oracle Sun Solaris CVE-2012-0094 Remote Security Vulnerability
Struts2 Security Challenge
Cisco Security Advisory: Cisco Firewall Services Module Crafted Protocol Independent Multicast Message Denial of Service Vulnerability
Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
Vulnerability experts call the Microsoft Remote Desktop Protocol flaws dangerous and say they should be quickly addressed by patching admins.

Mozilla has kick-started development of a Metro-style version of Firefox for Windows 8, Google has committed to doing the same and Opera Software said yesterday that it's looking into the matter.
Mozilla's Firefox 11 browser features some useful tweaks, especially in its syncing abilities, but no major changes.
Google and AOL have restored the interoperability between their two instant messaging (IM) networks, a little over two weeks after it was temporarily suspended due to a spam flood originating in AOL's AIM that affected Gmail Chat and Google Talk users.
The University of New Hampshire has created a consortium to develop a test suite to ensure interoperability between PCIe SSDs that conform to the Non-Volatile Memory Express specification.
Everything works well in the cloud, until it doesn't.
Alcatel-Lucent this week will unveil a new Ethernet switch for enterprise campus networks that is designed to extend voice, data and video convergence to the wiring closet and access tier.
Software developers should take advantage of forthcoming laptops that combine touch and keyboard capabilities by tapping into the touchscreens, an Intel official said at a developer relations event.
With the leak comes a message which claims the hacked data is from www.viaf.co.il & www.vfs-il.net and the hacked data can be found on several download sites and we can confirm this data is indeed a ton of information and accounts which may take some time to go through.

XnView Multiple Buffer Overflow Vulnerabilities
Microsoft Windows DNS Server (CVE-2012-0006) Remote Denial of Service Vulnerability
Microsoft Windows Kernel 'Win32k.sys' (CVE-2012-0157) Local Privilege Escalation Vulnerability
The number of job postings in the cloud computing industry is growing so rapidly that there aren't enough qualified workers available to fill the positions, according to an analysis of hiring trends by Wanted Analytics.
Hackers using the handle n4m3Le55 Crew have hacked and leaked a huge amount of accounts from a Nepal Government website in light of the recent censorship fight that is going on across the world.

Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-0462 Memory Corruption Vulnerability
You use Word's spelling checker every day, and probably just as often encounter some of the tool's puzzling behavior. Do you know how to get rid of a word that you mistakenly added to its dictionary, for instance, or how to hide the red wiggly lines that appear all over your document?
Last week I gave you some useful Windows tips; this week I thought I'd continue the tips theme, and move to Microsoft Word.
Amazon Web Services has added the ability to monitor the status of storage volumes on Elastic Block Store, the company said in a blog post on Tuesday.
Amazon Web Services has added the ability to monitor the status of storage volumes on EBS (Elastic Block Store), the company said in a blog post on Tuesday.
Poltergeisth4cker has started what appears to be a new operation that is aimed at China, and has started out by defacing a few government websites, leaving a common message on them.

Cryptographer Whitfield Diffie reckons one of the most important things for good cryptography and security in the age of the Internet is good code.
Mozilla Firefox/Thunderbird/SeaMonkey HTTP Header Security Bypass Vulnerability
Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-0458 Security Bypass Vulnerability
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-0456 SVG Filters Information Disclosure Vulnerability
Corporations planning tablet purchases next quarter overwhelmingly voted for Apple's iPad, says ChangeWave Research.
Computerworld's survey shows that the move away from Cobol is happening very slowly -- if at all.
As Baby Boomers retire, the business processes they used to create their Cobol programs may walk out with them. Here's what IT organizations are doing about it.
HTC is preparing an Android 4.0 upgrade for 16 of its existing smartphones, but the company still has few details on when users will get the upgrade, according to a blog posted on Tuesday.
IT managers say they are eagerly awaiting Windows 8-based tablets due out this fall, though some wonder whether it's too late for Microsoft to take on Apple iPads and various Android tablets.
Mozilla Firefox/Thunderbird/SeaMonkey 'array.join' CVE-2012-0464 Memory Corruption Vulnerability
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-0457 Use-After-Free Memory Corruption Vulnerability

Posted by InfoSec News on Mar 13


By Taylor Armerding
March 13, 2012

Last week's arrests of five LulzSec leaders was major news in the
hacktivist world, but it looks like that takedown may have been just an
intermediate step in pursuit of a more prominent fugitive: WikiLeaks
founder and editor-in-chief Julian Assange.

The first shock to the loose affiliation of political...

Posted by InfoSec News on Mar 13


By Dan Goodin
Ars Technica
March 13, 2012

Microsoft has plugged a critical hole in all supported versions of
Windows that allows attackers to hit high-value computers with
self-replicating attacks that install malicious code with no user
interaction required.

The vulnerability in the Remote Desktop Protocol is of particular...

Posted by InfoSec News on Mar 13


March 13, 2012

A 2009 data breach that has already cost BlueCross BlueShield of
Tennessee nearly $17 million got a little more expensive Tuesday.

The insurer today agreed to pay $1.5 million to the U.S. Department of
Health and Human Services (HHS) to settle Health Insurance Portability
and Accountability Act...

Posted by InfoSec News on Mar 13


By Kevin McCaney
March 12, 2012

A recent study by security company Trustwave found that the most common
computer passwords are still variations on the word “password.”

That news won’t make anyone spit out their morning coffee; the
prevalence of bad passwords is an established fact of life. But the
report does shed light on why bad passwords are...

BGHH, Bangladeshi grey hat hackers, have announced yet another server that has been hacked and ended up with all sites being defaced. The deface page is the exact same deface page we have been seeing for a couple of months now that is related to all the border killings that go on between India and Bangladesh.


Posted by InfoSec News on Mar 13


By Adam Clark Estes
The Atlantic Wire
March 13, 2012

A group of hackers calling themselves Th3 Consortium and claiming to be
affiliated with Anonymous and LulzSec broke into yet
DigitalPlaground.com, the third porn site it's hacked in as many weeks,
stealing 72,000 passwords and 40,000 credit card numbers. All three porn
sites Th3...