Hackin9

Fortinet Names Infosec Partners First Ever UK Partner of Excellence
PR Web (press release)
Having demonstrated a breadth of experience in the security and compliance market over the past 10 years with commitment to extensive training and development with the Fortinet portfolio, Infosec Partners is the first in the UK to be awarded the ...

 
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Firing range for infosec testing opens in Canberra
Register
After six months of preparation, the University of New South Wales has opened a cyber-security research centre in Canberra it says is designed to bring together academia, government, defence and business expertise. Sensibly, instead of having students ...

 

When Microsoft released the Windows 8.1 Update, IT feathers were ruffled by Microsoft's decision to make it a compulsory update: without it, Windows 8.1 systems would no longer receive security fixes. As spotted by Computerworld's Gregg Keizer, Microsoft is applying the same rules, at least in part, to Windows 7.

Windows 7 users who've installed Internet Explorer 11 are required to install the KB2929437 update. This is the Internet Explorer 11 update that corresponds to the Windows 8.1 Update; it doesn't just include security fixes for Microsoft's browser. There are also some new and improved features, including a more capable WebGL implementation and some additional high performance JavaScript features. If users don't install the update, Windows Update will not provide any more security fixes for their browser.

For the next couple of months, Microsoft is actually still making security fixes for the original Internet Explorer 11 on Windows 7 release, but anyone who wants to use them will have to either download and install them manually, or install them through Windows Server Update Services (WSUS), Windows Intune, or System Center Configuration Manager. Even this avenue will end in August. This will give conservative corporations only a limited amount of time to actually test and validate the updated Internet Explorer 11.


 
Microsoft Internet Explorer CVE-2014-1794 Remote Memory Corruption Vulnerability
 

The GHash mining pool says that the Bitcoin community shouldn’t worry at all about the fact that it has recently breached the 51 percent threshold of the total cryptographic hashing output on several occasions.

“Our investment, participation, and highly motivated staff confirm it is our intention to help protect and grow the broad acceptance of Bitcoin and categorically in no way harm or damage it,” Jeffrey Smith, the CIO of GHash.io, said Monday in a prepared statement to Ars. “We never have and never will participate in any 51 [percent] attack or double spend against Bitcoin. Still, we are against temporary solutions, which could repel a 51 [percent] threat.”

Smith did not immediately respond to Ars’ request for further comment.


 
Samsung and Apple are the leading handset manufacturers in the world, but when it comes to which one can drive the mobile market for wireless charging, Samsung looks like the bigger player.
 
"In 2013, we estimated that the NAC market was 350 million dollars, which was an increase of about 55-percent over 2012," says Lawrence Orans, Research Vice President, Gartner, Inc. According to Orans, Gartner expects that growth to slow in 2014, with an estimated increase of 45-percent over 2013 numbers. Burgeoning enterprise BYOD concerns have been the major drivers in that growth, says Orans. NAC vendor ForeScout is integrating its capabilities with those of Invincea in order to further abate those concerns.
 
Microsoft Internet Explorer CVE-2014-2757 Remote Memory Corruption Vulnerability
 
Microsoft Internet Explorer CVE-2014-1788 Remote Memory Corruption Vulnerability
 
Microsoft Internet Explorer CVE-2014-2756 Remote Memory Corruption Vulnerability
 
Microsoft Internet Explorer CVE-2014-2755 Remote Memory Corruption Vulnerability
 
Box has acquired Streem, a cloud storage and file-sharing startup that specializes in large media files and that has developed innovative technology for streaming that type of content.
 
Global gadget giant Samsung Electronics uses techniques from the so-called "maker" community of hobbyists to develop products at a Silicon Valley Internet of Things lab.
 
A hacker exploited publicly known vulnerabilities to install malware on NAS systems made by Synology and used their computing power to generate Dogecoins, a type of cryptocurrency.
 
If Amazon announces a smartphone on Wednesday, as is widely expected, it will face an avalanche of skeptics.
 
Adobe Reader for Android Multiple Arbitrary Code Execution Vulnerabilities
 
Microsoft Internet Explorer CVE-2014-1805 Remote Memory Corruption Vulnerability
 
[SECURITY] [DSA 2960-1] icedove security update
 
[CFP] Hacktivity 2014 CFP is open
 

Women in InfoSec: Building Bonds & New Solutions
Dark Reading
As a woman working in InfoSec for over a decade and a half, I've had the pleasure of becoming good friends with a number of other women in the field. It has occurred to me over the years how similar many of our stories are, both in terms of what ...

 
Microsoft will soon offer a service aimed at making machine-learning technology more widely usable.
 
Developers can try out new features of the next version of Internet Explorer using a test edition released by Microsoft.
 
Some of the Internet's most visited websites that use SSL to encrypt data remain susceptible to a recently announced vulnerability that could allow attackers to intercept and decrypt connections.
 
Opera Web Browser WebP Images Information Disclosure Vulnerability
 
Opera Web Browser TLS CVE-2013-1618 Information Disclosure Vulnerability
 
'The Producers' profited from an idea that was supposed to lose money. Most companies are happy if their call centers produce zero margins. It doesn't have to be that way.
 
Level 3 Communication is buying TW Telecom for approximately $5.7 billion in an effort to boost its metropolitan footprint of fixed networks.
 
The Spamhaus Project will soon publish two new data feeds intended to prevent people from being lured to malware-infected websites and domains.
 
SanDisk is looking to shore up its position in the flash storage market by purchasing Fusion-io for $1.1 billion in an all-cash deal.
 
Microsoft last week confirmed that the June 10 updates for Office 2013 left some users holding crippled software that refused to run.
 
In hiring its first CISO to prevent another massive data breach, Target made a mistake in not having the top security officer report directly to the chief executive, experts say.
 
LinuxSecurity.com: A vulnerability in KDirStat could allow local attackers to execute arbitrary shell commands.
 
LinuxSecurity.com: Multiple vulnerabilities have been found in Opera, the worst of which may allow remote execution of arbitrary code.
 
LinuxSecurity.com: Multiple vulnerabilities have been found in memcached, allowing remote attackers to execute arbitrary code or cause Denial of Service.
 
LinuxSecurity.com: A vulnerability in FreeRADIUS can lead to arbitrary code execution or Denial of Service by authenticated users.
 
LinuxSecurity.com: Security Report Summary
 
LinuxSecurity.com: Multiple vulnerabilities have been found in libXfont, the worst of which allow for local privilege escalation.
 
LinuxSecurity.com: Multiple vulnerabilities have been found in lighttpd, allowing remote attackers to cause a Denial of Service condition or execute arbitrary SQL statements.
 
LinuxSecurity.com: Multiple vulnerabilities have been discovered in GnuTLS, the worst of which could lead to arbitrary code execution.
 
LinuxSecurity.com: A vulnerability has been discovered and corrected in nspr: Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console [More...]
 
ClipBucket CMS XSS Vulnerability
 
[ MDVSA-2014:125 ] nspr
 
Cisco Autonomic Networking Infrastructure CVE-2014-3290 Security Bypass Vulnerability
 
[SE-2014-01] Security vulnerabilities in Oracle Database Java VM
 
[SECURITY] [DSA 2959-1] chromium-browser security update
 
Still like to take notes by hand? We examine three devices -- the Boogie Board Sync, the Jot Script and the Livescribe 3 Smartpen -- that, in different ways, add functionality to the old-fashioned act of writing.
 
Opera Web Browser Prior to 12.10 SSL Certificate Validation Security Weakness
 
Opera Web Browser CVE-2012-6467 Multiple Open Redirection Vulnerabilities
 
Memcached Multiple Heap Based Buffer Overflow Vulnerability
 

Fortinet Names Infosec Partners First Ever UK Partner of Excellence
Virtual-Strategy Magazine (press release)
Having demonstrated a breadth of experience in the security and compliance market over the past 10 years with commitment to extensive training and development with the Fortinet portfolio, Infosec Partners is the first in the UK to be awarded the ...

 
Internet Storm Center Infocon Status