Hackin9

InfoSec News

If wishing a Facebook friend on his birthday isn't enough, users can now attach real gifts to their greeting with an expanded gift service that the social networking Web site announced on Thursday.
 
A new study by ID Analytics found that more than 10,000 identity fraud rings exist in the U.S., many in the rural Southeast.

 
Research projects focusing on embedded device security, system resiliency and security metrics are gaining the most attention, experts say.

 
Adobe Flash Player and AIR CVE-2012-5275 Buffer Overflow Vulnerability
 
Adobe Flash Player and AIR CVE-2012-5280 Buffer Overflow Vulnerability
 
Adobe Flash Player and AIR CVE-2012-5279 Memory Corruption Vulnerability
 
Some 20 startups have inked commercial deals with SAP that will see them run production applications with the HANA in-memory database on Amazon Web Services, SAP announced Thursday during the Tech Ed and Sapphire conferences in Madrid.
 
Mozilla today said that income from search partners climbed 31% last year, hinting at the reportedly lucrative deal the open-source foundation struck with fierce browser rival Google.
 
Three U.S. agencies and a group of state attorneys general have filed more than 70 civil and criminal cases against defendants offering allegedly bogus business opportunities, with some of the defendants offering to help customers set up online businesses.
 
Personally identifiable information of "at least" 10,000 NASA employees and contractors remains at risk of compromise following last month's theft of an agency laptop, a spokesman said Thursday.
 
Cisco today announced its intent to acquire privately held Cloupia, a software company that develops products for automating data center operations for the deployment and configuration of physical and virtual resources.
 
NASA's space hunter, the Kepler Space Telescope, has wrapped up its prime mission and is moving into an extended four-year plan to continue searching for other worlds.
 
RETIRED: Microsoft November 2012 Advance Notification Multiple Vulnerabilities
 
RETIRED: Adobe Flash Player and AIR APSB12-24 Multiple Security Vulnerabilities
 
Oracle MySQL Server CVE-2012-3166 Remote Security Vulnerability
 
The public prosecutor in Hamburg has decided not to start a criminal investigation into the way Google's Street View cars gathered data from unencrypted Wi-Fi networks in Germany, the lawyer who requested the inquiry said Thursday.
 
A team of researchers has created a proof-of-concept piece of malware that can give attackers control of USB smart card readers attached to an infected Windows computer over the Internet.
 
Windows 8 might, or might not, prove to be a big hit with enterprise customers. But SAP is betting it will become an important platform in the workplace, an SAP executive said Thursday.
 
[CVE-2012-5858] [CVE-2012-5859] DoS/Authorization Bypass - Kies Air
 
Stolen laptop contained sensitive data on a large number of employees and contractors. The information was not encrypted.

 
Google has shipped a stronger Flash Player sandbox for the OS X version of Chrome, making good on an August promise to ship a Mac browser better able to ward off exploits of the Adobe software.
 
NASA is instructing its employees to encrypt hard drives after a computer with confidential data went missing – once again. The space agency lost 48 mobile devices over the course of two years.


 
Apple Mac OS X CVE-2012-0650 Buffer Overflow Vulnerability
 
SEC Consult SA-20121115-0 :: Applicure dotDefender WAF format string vulnerability
 
Microsoft Excel CVE-2012-2543 Buffer Overflow Remote Code Execution Vulnerability
 
Apple's warranty offerings could be pulled in the European Union after it emerged that the E.U. Justice Commissioner has asked member states to look into possible misselling.
 
On election night, as the rest of us again wondered what was going wrong in Florida, the CIO of Florida's Department of State had a different perspective: He was bearing witness to the successful culmination of 17 months of hard work.
 
A new survey found 63% of mobile workers are spending at least six hours each weekend online -- and nearly one-third are online for up to 20 hours over the two days.
 
Brightcove's native plug-in architecture for its App Cloud and Application Craft's launch of Mobile Build are the latest examples of how cross-platform development tools for mobile apps are becoming increasingly cloud-centric.
 
IBM is offering $4 billion in new credit to customers through its partner channel, and has also developed a new mobile application to help them get financing quickly, the company announced Thursday.
 
A cyber intruder says that he managed to copy the personal data of about 150,000 users – including their names, email addresses and password hashes. Adobe has confirmed the intrusion, but not its scope.


 
Real Networks RealPlayer CVE-2012-0925 Remote Code Execution Vulnerability
 
Cisco Systems and Qualcomm are putting their considerable wireless weight behind a system to make it easier for retail stores and other venues to offer information to visitors over Wi-Fi.
 
LibTIFF 'TIFFScanlineSize()' Function Heap-based Buffer Overflow Vulnerability
 
Directors admit they aren't adequately engaged in topics such as social media and IT-enabled business innovation
 
IT applications such as smartphone apps and cloud-based infrastructure management can be powerful tools for improving the quality of life in urban settings
 
A career coach provides tips on making the best impression in online settings, such as an 80-20 rule for mixing professional and personal tweets
 
Navigation technology provider TomTom announced developer tools and a platform for location-based services (LBS) in the cloud to help in the rapid creation of apps for finding locations that are used by truck fleets and other businesses.
 
Hewlett-Packard is taking a step away from traditional server design with the new Proliant SL4500 server, which mixes processing, networking and storage units to optimize performance of applications like OpenStack and Hadoop.
 
Samsung on Thursday announced a new 64GB memory chip for smartphones and tablets, which it says is 20 percent smaller and a third faster than current technology.
 
Two former employees of Alabama's court system were indicted on Wednesday for allegedly stealing the source code for a court-records database and transferring it to a Florida-based company.
 
Microsoft is best known for Windows, and for the past six years, Steven Sinofsky has been best known as the man behind Windows. Even the numbers tell a story.
 
Three researchers from North Carolina State University have developed a software protocol that better manages high traffic loads on a Wi-Fi router when too many users connect, the university said on Tuesday.
 
The European Union is moving to build a high-performance computing industry to challenge U.S. dominance, but it doesn't want to play catch-up. It wants to leapfrog, and it is seeing whether ARM Holdings technology can give it that edge.
 
Email is at the center of the scandal that brought down CIA Director David Petraeus, one of the country's most decorated generals.
 


 

Posted by InfoSec News on Nov 15

http://www.darkreading.com/database-security/167901020/security/attacks-breaches/240134996/adobe-hacker-says-he-used-sql-injection-to-grab-database-of-150-000-user-accounts.html

By Kelly Jackson Higgins
Dark Reading
Nov 14, 2012

Adobe today confirmed that one of its databases has been breached by a
hacker and that it had temporarily taken offline the affected
Connectusers.com website.

The attacker who claimed responsibility for the attack,...
 

Posted by InfoSec News on Nov 15

http://news.cnet.com/8301-1009_3-57550092-83/obama-reportedly-signs-secretive-cybersecurity-policy-directive/

By Dara Kerr
CNET News
November 14, 2012

President Obama has long said cybersecurity is one of his priorities and
it appears he is now acting on his words.

According to the Washington Post, he is said to have signed a secret
policy directive last month that will give the military and other
government authorities the ability to act...
 

Posted by InfoSec News on Nov 15

http://online.wsj.com/article/SB10001424052970204707104578090793159318064.html

By LUKAS I. ALPERT
The Wall Street Journal
November 14, 2012

MOSCOW -- Political instability is rarely good for business, but
Russia's recent wave of antigovernment protests has created a golden
opportunity for one local software company.

From a tiny basement office in the shadows of Russia's Foreign
Ministry, about 20 engineers at Highload Labs have...
 

Posted by InfoSec News on Nov 15

http://www.sacbee.com/2012/11/13/4982245/loose-gorilla-prankster-messing.html

By Bill Lindelof
sacbee.com
Nov. 13, 2012

Somebody is having a little fun with a traffic warning sign in Loomis.

Josh Carroll, 19, noticed the first message last week near Wells Avenue
and Barton Road that read "Smoke Weed Everyday." The second read
"Caution Loose Gorilla!" -- and the third was profane.

Somebody was able to type a new message...
 

Posted by InfoSec News on Nov 15

http://www.computerworld.com/s/article/9233645/NASA_scrambles_to_encrypt_laptops_after_major_breach

By Jaikumar Vijayan
Computerworld
November 14, 2012

NASA is scrambling to implement full disk encryption on agency laptops
after one containing unencrypted personal information on a "large"
number of people was recently stolen.

Agency employees were told of the October 31 theft of the laptop and
NASA documents from a locked car in...
 
Security firm ReVuln says that it has managed to hack a computer remotely using one or more holes in the Nexuiz FPS game. The company also claims to have discovered further holes in other games.


 

InfoSec Institute Live Online Training
Virtual-Strategy Magazine (press release)
InfoSec Institute, the leader in information security training, has launched a Live Online training platform to better serve student needs. "Many of our most popular courses, including Ethical Hacking, CISSP Boot Camp, and Reverse Engineering are now ...

 
Oracle MySQL Server CVE-2012-3158 Remote Security Vulnerability
 
CryENGINE Remote Code Execution Vulnerability
 
Call of Duty: Modern Warfare 3 Remote Denial of Service Vulnerability
 
Names, email addresses and encrypted passwords of thousands of customers may have been exposed in a breach of the software maker's customer forum.

 
Companies must get better at making hacking corporate networks complicated and costly for cybercriminals, explains Kaspersky Lab CEO Eugene Kaspersky.

 
Internet Storm Center Infocon Status