Hackin9

InfoSec News

The U.S. Department of Justice has filed a lawsuit accusing eBay of entering into a "handshake" agreement to not recruit or hire employees of software maker Intuit.
 
Though U.S. political leaders managed to spark some good news for the economy Friday, technology stocks are down for the week, showing a continued lack of confidence in the sector.
 
SharePoint's new application development model has piqued the interest of ISVs and enterprise developers who create applications for Microsoft's enterprise collaboration server.
 
A U.S. judge has indicated she will accept the terms of a settlement deal between Google and the U.S. Federal Trade Commission, in which Google will pay a $22.5 million fine for circumventing privacy protections in Apple's Safari browser.
 
Open-Realty CMS 2.5.8 (2.x.x) <= Cross Site Request Forgery (CSRF) Vulnerability
 
As Israeli and Hamas forces continue to clash, firing rockets on each other, they've also launched a war of hashtags, English-language tweets and videos on sites like Twitter, YouTube and Facebook.
 
Barnes & Noble's new Nook HD and Nook HD+ ereader/tablets have great displays, improved software and a new video service -- worthy competitors for Amazon's Kindle Fire.
 
Shifting ANZ Banking Group from an Australian and New Zealand centric bank to a super-regional Asia Pacific financial services entity while implementing new technology is Anne Weatherston's top priority for the next five years.
 
DC4420 - London DEFCON - November meet - Tuesday 20th November
 
[SE-2012-01] Security vulnerabilities in Java SE (details released)
 
Enterprise IT decision makers are about half as enthusiastic about the new Windows 8 as they were three years ago about the then-just-released Windows 7, an analyst said today.
 
The hacker group that recently infected Israeli police computers with the Xtreme RAT malware has also targeted government institutions from the U.S., U.K. and other countries, according to researchers from antivirus vendor Trend Micro.
 
U.S. residents can save nearly $8,400 a year in entertainment, clothing, food and other expenses by subscribing to broadband, according to a study released Friday.
 
In this edition: rays from space, an online classroom for pen testers, TED talks on computers and fish, the Stuxnet family, a VM trick, men-in-the-middle and another alternative to Adobe Reader


 
SAP Business Suite customers can now run the software in production form on Amazon Web Services, the companies announced this week during the Sapphire and Tech Ed conferences in Madrid.
 

Irish cybercrime conference to unveil latest infosec threats
Siliconrepublic.com
Next week's fourth annual Irish cybercrime conference will reveal the latest findings into IT security threats facing Irish businesses. At last year's event, organisers IRISSCERT, the non ...

 
In a move aimed at strengthening its ability to offer converged systems, Dell has acquired infrastructure automation software provider Gale Technologies.
 
Expat XML Parsing Multiple Remote Denial of Service Vulnerabilities
 
The Top500 is no longer the only ranking game in town: make way for the Graph 500, which tracks how well supercomputers handle big-data-styled workloads.
 
AT&T said it is ahead of schedule for 4G LTE network deployments and has now reached 103 cities in the U.S.
 
[SECURITY] [DSA 2574-1] typo3-src security update
 
According to a report from Bitdefender, cyber criminals managed to inject malicious code into the official Opera portal via a third-party ad server


 

----------- Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
A Georgia Tech report on cybersecurity is downplaying mobile threats, but explains that supply chain weaknesses will continue to dog manufacturers and software makers.

 
Widespread use of custom malware in targeted attacks requires better attack preparation and response, and a variety of new malcode defenses.

 
A German couple are not liable for the filesharing activities of their 13-year old son because they told him unauthorized downloading and sharing of copyrighted material was illegal, and they were unaware the boy violated this prohibition, the German Federal Court of Justice ruled.
 
Xen Multiple Denial of Service Vulnerabilities
 
Xen 'TMEM hypercall' CVE-2012-3497 Multiple Security Vulnerabilities
 
NTT DoCoMo, Japan's largest mobile provider, said Friday it will soon launch the world's first femtocells to support both 3G and LTE networks.
 
A federal court has allowed Samsung to include Apple's iPhone 5 among the products alleged to have infringed its patents, while also allowing Apple to amend its infringement contentions to include the Jelly Bean version of the Android operating system and newer products from Samsung.
 
Apple's iPad shipments for China nearly doubled in the third quarter, after Apple settled in July a lengthy dispute over the iPad trademark name that once threatened to ban the device from store shelves in the country.
 
The initial public offering of Ruckus Wireless, set for Friday, will highlight the growing importance of Wi-Fi in mobile networks as service providers try to meet the demands of smartphone and tablet users.
 
It already sells phones and tablets, provides a wealth of online services and has been laying high-speed fiber to people's homes. Now Google is apparently considering a wireless network service as well.
 
Dell on Thursday reported a sharp drop in revenue and profits for the third quarter as the weak PC market continued to weigh on its results.
 
With Black Friday just a week away and the nagging feeling that we need to get our holiday shopping done, how much online buying will be done at work?
 
A survey by technical support website FixYa indicates that security, missing folders and a lack of app support top the list of user issues with the top five consumer cloud services.
 
With Black Friday just a week away and the nagging feeling that we need to get our holiday shopping done, the question is how much online buying will actually be done at work?
 

Posted by InfoSec News on Nov 16

http://www.thotcon.org/registration.html

What: THOTCON 0x4 - Chicago's Hacking Conference
When: 04.26.13
Where: TOP_SECRET
Tickets: On Sale NOW!!!

***************************************************************************

THOTCON (pronounced \ˈthȯt\ and taken from THree - One - Two) is a small
venue hacking conference based in Chicago IL, USA. This is a non-profit,
non-commercial event looking to provide the best conference possible...
 

Posted by InfoSec News on Nov 16

http://www.nextgov.com/cybersecurity/2012/11/report-fifty-eight-percent-energy-computers-went-months-without-bug-fixes/59559/

By Aliya Sternstein
Nextgov
November 15, 2012

A perhaps disturbing summation of the state of federal cyber security:
An internal audit found nearly 60 percent of Energy Department desktop
computers were missing critical software patches -- and those findings
don't surprise security experts.

Officials risk...
 

Posted by InfoSec News on Nov 16

http://krebsonsecurity.com/2012/11/infamous-hacker-heading-chinese-antivirus-firm/#more-17501

By Brian Krebs
Krebs on Security
November 14th, 2012

What does a young Chinese hacker do once he's achieved legendary status
for developing Microsoft Office zero-day exploits and using them to
hoover up piles of sensitive data from U.S. Defense Department
contractors? Would you believe: Start an antivirus firm?

That appears to be what's...
 

Posted by InfoSec News on Nov 16

http://arstechnica.com/security/2012/11/stolen-code-9-month-hacking-spree-lead-to-criminal-charges/

By Dan Goodin
Ars Technica
Nov 15 2012

Federal officials have accused a Dutch man of hacking into a New
Hampshire-based game company, tampering with sensitive user data, and
using the stolen source code to start a competing online game.

Anil Kheda, 24, of the Netherlands, began his hacking spree in November
2007 after one of his accounts was...
 

Posted by InfoSec News on Nov 16

http://www.informationweek.com/security/attacks/anonymous-launches-opisrael-ddos-attacks/240142149

By Mathew J. Schwartz
InformationWeek
November 15, 2012

The hacktivist group Anonymous Thursday announced that it would begin
launching online attacks against a number of Israeli government sites,
as part of its ongoing Operation Israel (OpIsrael).

The Anonymous distributed denial-of-service (DDoS) attacks began at 10
a.m. Israeli time (3 a.m....
 
Microsoft Windows Kernel 'Win32k.sys' CVE-2012-2553 Local Privilege Escalation Vulnerability
 
MantisBT Prior To 1.2.12 Multiple Security Vulnerabilities
 
RETIRED: Apple QuickTime Prior To 7.7.3 Multiple Arbitrary Code Execution Vulnerabilities
 
 
Internet Storm Center Infocon Status