Hackin9

Potential security vulnerabilities have been identified in HP ArcSight Connector Appliance (v6.3 and earlier) and Logger (v5.2 and earlier) that could be remotely exploited to allow information disclosure, command injection and cross-site scripting (XSS).

HP recommends contacting support to request the current updates for ArcSight Connector Appliance (v6.4) and ArcSight Logger (v5.3) to resolve these issues. Additional information is available here [1].

[1] http://h20565.www2.http.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03606700-1ac.admitted=1361054958795.876444892.492883150

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Red Hat released a vulnerability advisory today impacting PTRACE_SETREGS. The release simply states: A race condition in ptrace can lead to kernel stack corruption and arbitrary kernel-mode code execution. A local unprivileged user could use this flaw to elevate his privileges. It is being tracked as CVE-2013-0871. A PoC was also posted at http://seclists.org/oss-sec/2013/q1/326. According to the advisory, it impacts all Fedora versions.
 
In the week ending 16 February – Chrome stops declaring RHEL 6 obsolete, US TV channels declare the zombie apocalypse, and the Samsung UEFI bug is confirmed as not having been fixed


 
Samsung is tired of watching Apple run away with most of the money in mobile and is making a big play to become like Apple -- a company that makes not only the hardware, but also the software and the store where you buy stuff.
 

Sydney Morning Herald

Bounty hunters hound out computer bugs
Phishing your employees in the name of security. Increasing rates of cybercrime are leading more companies to call on the very people they are afraid of to test the security of their software and websites. Bug bounty contests reward software security ...
